Regulations and Standards 1

Brief Description 2

System Features 3
SINUMERIK 840D sl/
SINAMICS S120 Safety Functions
SINUMERIK Safety Integrated Integrated in the Drive 4

Basic Information on
Safety Functions Integrated
in the System/Drive 5
Function Manual
System/Drive--
Based Safety Functions 6

Sensor/Actuator
Connection 7

Description of Data 8

Commissioning 9

Valid for Diagnostics 10

Control
SINUMERIK 840D sl Interaction with
SINUMERIK 840D sl (export version) other Functions 11
Drive
SINAMICS S120
Appendix A

Software version
CNC Software 4.7 SP2
Index I
SINUMERIK Operate 4.7

Edition 10/15
 SINUMERIK® documentation
3ls

Printing history

Brief details of this edition and previous editions are listed below.

The status of each edition is shown by the code in the ”Remarks” column.

Status code in the ”Remarks” column:

A . . . . . New documentation.
B . . . . . Unrevised reprint with new Order No.
C . . . . . Revised edition with new status.
If factual changes have been made on the page since
the last edition, this is indicated by a
new edition coding in the header on that page.

Edition Order No. Remarks

03/06 6FC5 397--4BP10--0BA0 A
03/07 6FC5 397--4BP10--1BA0 C
02/08 6FC5 397--4BP10--2BA0 C
05/09 6FC5 397--4BP10--3BA0 C
03/10 6FC5 397--4BP10--4BA0 C
02/12 6FC5 397--4BP40--3BA0 C
02/12 6FC5 397--4BP41--3BA0 C
03/13 6FC5 397--4BP40--4BA0 C
10/15 6FC5 397--4BP40--5BA3 C

Trademarks
All product designations may be trademarks or product names of Siemens AG or supplier
companies whose use by third parties for their own purposes could violate the rights of the
owners.

We have checked that the contents of this document correspond to

the hardware and software described. Differences, however, cannot
be excluded. The information given in this publication is reviewed at
regular intervals and any corrections that might be necessary are
made in the subsequent printings. We welcome suggestions for
improvement.
© Siemens AG 2006--2015 Subject to change without prior notice.

Printed in the Federal Republic of Germany Siemens--Aktiengesellschaft

10/15 AChapter
Preface

Preface

Legal information
Warning notice system
This manual contains information that you must observe in order to ensure your
own personal safety as well as to avoid material damage. The notices referring to
your personal safety are highlighted in the manual by a safety alert symbol (trian-
gular symbol), notices referring only to equipment damage have no safety alert
symbol. Depending on the hazard level, warnings are indicated in a descending
order as follows.

Danger
! indicates that death or severe personal injury will result if proper precautions are
not taken.

Warning
! indicates that death or severe personal injury may result if proper precautions are
not taken.

Caution
! with a warning triangle indicates that minor personal injury can result if proper
precautions are not taken.

Notice
indicates that material damage can result if proper precautions are not taken.

If more than one level of danger is simultaneously applicable, the warning notice
for the highest level is used. A warning note in a warning triangle indicating possi-
ble personal injury may also include a warning note relating to material damage.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition iii
Preface 10/15

Qualified personnel
The product/system described in this documentation may be operated only by per-
sonnel qualified for the specific task in accordance with the relevant documenta-
tion, in particular its warning notices and safety instructions. Because of their trai-
ning and experience, qualified personnel can recognize any risks involved with
handling this product/system and avoid any possible dangers.

Proper use of Siemens products

Note the following:

Warning
! Siemens equipment may only be used for the applications indicated in the catalog
and in the relevant technical documentation. If third--party products and
components are used, they must be recommended or approved by Siemens. To
ensure trouble--free and safe operation of the products, they must be appropriately
transported, stored, assembled, installed, commissioned, operated and
maintained. The permissible ambient conditions must be complied with. The notes
in the associated documentation must be complied with.

SINUMERIK documentation
The SINUMERIK documentation is organized in the following categories:
S General documentation
S User documentation
S Manufacturer/service documentation

Additional information
Information on the following topics is available at the link (www.siemens.com/mo-
tioncontrol/docu):
S Ordering documentation/overview of documentation
S Additional links to download documents
S Using documentation online (finding and searching in manuals/information)
Please send any questions about the technical documentation (e.g. suggestions
for improvement, corrections) to the following address:
docu.motioncontrol@siemens.com

© Siemens AG 2015 All Rights Reserved

iv SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Preface

My Documentation Manager (MDM)

Under the following link you will find information to individually compile OEM--speci-
fic machine documentation based on the Siemens content:
www.siemens.com/mdm

Training
For information about the range of training courses, refer to:
S www.siemens.com/sitrain
SITRAIN – training courses from Siemens for products, systems and solutions
in automation technology
S www.siemens.com/sinutrain
SinuTrain -- training software for SINUMERIK

FAQs
You can find Frequently Asked Questions in the Service&Support pages under
Product Support.
www.siemens.com/automation/service&support

SINUMERIK
You can find information on SINUMERIK under the following link:
www.siemens.com/sinumerik

Target group
This documentation is intended for manufacturers/end users of machine tools and
production machines who use SINUMERIK 840D sl and SINAMICS S120 and the
integrated safety functions (SINUMERIK Safety Integrated R)

Benefits
With the Function Manual, the target group can develop, write, test and debug pro-
grams and software user interfaces.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition v
Preface 10/15

Standard scope
This documentation describes the functionality of the standard scope. Additions or
revisions made by the machine manufacturer are documented by the machine ma-
nufacturer.
Other functions not described in this documentation might be executable in the
control system. This does not, however, represent an obligation to supply such
functions with a new controller or when servicing.
For the sake of simplicity, this documentation does not contain all detailed informa-
tion about all types of the product and cannot cover every conceivable case of in-
stallation, operation, or maintenance.

Technical support
You can find telephone numbers for other countries for technical support in the In-
ternet at ”Contact” (www.siemens.com/automation/service&support).

CompactFlash cards for users:

S SINUMERIK CNC supports the file systems FAT16 and FAT32 for Compact-
Flash cards. You may need to format the memory card if you want to use a me-
mory card from another device or if you want to ensure the compatibility of the
memory card with the SINUMERIK. However, formatting the memory card will
permanently delete all data on it.
S Do not remove the memory card while it is being accessed. This can lead to
damage of the memory card and the SINUMERIK as well as the data on the
memory card.
S If you cannot use a memory card with the SINUMERIK, it is probably because
the memory card is not formatted for the control system (e.g. Ext3 Linux file
system), the memory card file system is faulty, or it is the wrong type of me-
mory card.
S Insert the memory card carefully with the correct orientation into the memory
card slot (observe indicators such as arrow or similar). This way you avoid me-
chanical damage to the memory card or the device.
S Only use memory cards that have been approved by Siemens for use with SI-
NUMERIK. Even though the SINUMERIK keeps to the general industry stan-
dards for memory cards, it is possible that memory cards from some manufac-
turers will not function perfectly in this device or are not completely compatible
with it (you can obtain information on compatibility from the memory card manu-
facturer or supplier).
S The ”CompactFlash Card®5000 Industrial Grade” from SanDisk has been ap-
proved for SINUMERIK (Order Number 6FC5313--5AG00.0AA0).

© Siemens AG 2015 All Rights Reserved

vi SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Preface

Standard scope
The main areas covered by this description of functions are as follows:
S Regulations and standards
S Brief description
S System Features
S Safety Functions integrated in the drive
S Basics on the safety functions integrated in the system/drive
S Safety functions integrated in the system/drive
S Connecting Sensors/Actuators
S Data Description
S Commissioning
S Diagnostics
S Interaction with other functions
Separate documents are available for the user--oriented activities. These include,
for example, the creation of part programs and operation of the control systems.
Separate information is also available for operations that the machine tool manu-
facturer must carry out. These include, for example, configuring/engineering, instal-
lation and programming the PLC.

Notes on how to use this manual

The following help functions are available with this description of functions:
S Overall table of contents
S Appendix with abbreviations and references, glossary
S Index
If you require information about a certain term, please look for this particular term
under the chapter Index in the Appendix. Both the chapter number and the page
number, where you will find this particular information are listed there.

Documentation Edition 10/15

Note
The documentation Edition 10/15 describes the scope of functions for the following
products and software release:
SINUMERIK 840D sl with software release 4.7 SP2

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition vii
Preface 10/15

Notes

Note
This symbol always appears in the document where further information is
provided.

Test certificates
The Safety Integrated functions of the SINUMERIK are generally certified by inde-
pendent institutes. An up--to--date list of certified components is available on re-
quest from your local Siemens office. If you have any questions relating to certi-
fications that have not been completed, please ask your Siemens contact.

© Siemens AG 2015 All Rights Reserved

viii SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Content
1 Regulations and standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
1.1 General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
1.1.1 Objective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
1.1.2 Functional safety . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16
1.2 Safety of machinery in Europe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16
1.2.1 Machinery directive (2006/42/EC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
1.2.2 Harmonized European standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
1.2.3 Standards for implementing safety--related controls . . . . . . . . . . . . . . . . . . 1-19
1.2.4 EN ISO 13849--1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20
1.2.5 EN 62061 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21
1.2.6 Series of standards EN 61508 (VDE 0803) . . . . . . . . . . . . . . . . . . . . . . . . . 1-23
1.2.7 EN 60204--1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24
1.2.8 EN 61800--5--2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24
1.2.9 Risk analysis/assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25
1.2.10 Risk minimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27
1.2.11 Residual risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27
1.3 Machine safety in the USA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28
1.3.1 Minimum requirements of the OSHA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28
1.3.2 NRTL Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29
1.3.3 NFPA 79 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29
1.3.4 ANSI B11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-30
1.4 Machine safety in Japan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-31
1.5 Equipment regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-31
1.6 Other safety--related issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32
1.6.1 Information sheets from the various regulatory bodies . . . . . . . . . . . . . . . . 1-32
1.6.2 Additional references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32
2 Brief description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-33
2.1 Control/drive system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-33
2.2 Safety technology integrated in the system . . . . . . . . . . . . . . . . . . . . . . . . . 2-35
2.2.1 Overview of the safety functions integrated in the system . . . . . . . . . . . . . 2-36
2.3 Safety technology integrated in the drive . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-38
2.3.1 Overview of the safety functions integrated in the drive . . . . . . . . . . . . . . . 2-39
2.4 Comparison of the function names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-40
3 System Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41
3.1 System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41
3.2 Latest information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
3.3 Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44
3.4 Probability of failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44
3.5 Safety information & instructions and residual risks . . . . . . . . . . . . . . . . . . 3-45
3.5.1 General residual risks for PDS (Power Drive Systems) . . . . . . . . . . . . . . . 3-45
3.5.2 Additional safety information & instructions and residual risks for
Safety Integrated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition ix
Content 10/15

4 Safety Functions integrated in the drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51

4.1 General information about SINAMICS Safety Integrated . . . . . . . . . . . . . . 4-51
4.1.1 Explanations and terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51
4.1.2 Supported functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
4.1.3 Supported functions: HLA module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
4.1.4 Parameter, checksum, version, password . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
4.1.5 Forced checking procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
4.2 Safety instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58
4.3 Safe Torque Off (STO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
4.4 Safe Stop 1 (SS1, time controlled) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63
4.4.1 SS1 (time--controlled) with OFF3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63
4.4.2 SS1 (time--controlled) with external stop . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65
4.4.3 Overview of important parameters
(see Chapter 8.2.2 ”Description of parameters”) . . . . . . . . . . . . . . . . . . . . . 4-65
4.5 Safe Brake Control (SBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66
4.6 Control via terminals on the Control Unit and the power unit . . . . . . . . . . . 4-69
4.6.1 Simultaneity and tolerance time of the two monitoring channels . . . . . . . . 4-71
4.6.2 Bit pattern test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
4.7 Commissioning the STO, SBC and SS1 functions . . . . . . . . . . . . . . . . . . . 4-74
4.7.1 General information about commissioning safety functions . . . . . . . . . . . . 4-74
4.7.2 Sequence when commissioning STO, SBC and SS1 . . . . . . . . . . . . . . . . . 4-76
4.7.3 Safety faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-80
4.8 Acceptance test and acceptance report . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82
4.9 Overview of parameters and function diagrams . . . . . . . . . . . . . . . . . . . . . . 4-82
4.10 PLC drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-84
5 Basics on the safety functions integrated in the system/drive . . . . . . . . . . . . . . 5-85
5.1 Monitoring cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-85
5.2 Crosswise data comparison (CDC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-87
5.3 Forced checking procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-88
5.4 Actual value conditioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-90
5.4.1 Encoder types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-90
5.4.2 Encoder adjustment, calibrating the axes . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-95
5.4.3 Axis states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-96
5.4.4 User agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-99
5.4.5 Taking into account selector gearboxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-101
5.4.6 Actual value synchronization (slip for 2--encoder systems) . . . . . . . . . . . . 5-103
5.4.7 Encoder limit frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-104
5.5 Enabling the safety--related functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-105
5.6 Switching the system on/off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-107
6 Safety functions integrated in the system/drive . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-109
6.1 Safe standstill (SH) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-109
6.1.1 Switch--off signal paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-112
6.1.2 Testing the switch--off signal paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-113

© Siemens AG 2015 All Rights Reserved

x SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Content

6.2 Safe operating stop (SBH) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-115

6.2.1 Selecting/deselecting the safe operating stop . . . . . . . . . . . . . . . . . . . . . . . 6-116
6.2.2 Effects when the limit is exceeded for SBH . . . . . . . . . . . . . . . . . . . . . . . . . 6-119
6.3 Safe Stops A--F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-122
6.3.1 General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-122
6.3.2 Description of STOP A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-129
6.3.3 Description of STOP B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-132
6.3.4 Description of STOP C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-133
6.3.5 Braking behavior for STOP B/C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-135
6.3.6 Description of STOP D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-135
6.3.7 Description of STOP E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-138
6.3.8 Description of STOP F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-140
6.3.9 Forced checking procedure of the external STOPs . . . . . . . . . . . . . . . . . . . 6-144
6.3.10 Canceling stopping delay times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-145
6.4 Safe acceleration monitoring (SBR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-147
6.5 Safely reduced speed (SG) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-151
6.5.1 Speed monitoring, encoder limit frequency . . . . . . . . . . . . . . . . . . . . . . . . . . 6-152
6.5.2 Selecting/deselecting safely reduced speed . . . . . . . . . . . . . . . . . . . . . . . . . 6-153
6.5.3 Effects when the limit value is exceeded for SG . . . . . . . . . . . . . . . . . . . . . 6-156
6.5.4 Override for safely reduced speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-159
6.5.5 Example: Override for safely reduced speed . . . . . . . . . . . . . . . . . . . . . . . . 6-162
6.6 Safe speed range identification ”n<nx” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-164
6.6.1 Base function ”n<nx” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-164
6.6.2 Function ”Synchronization, hysteresis and filtering n<nx” . . . . . . . . . . . . . 6-166
6.7 Safe software limit switches (SE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-171
6.7.1 Effects when an SE responds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-172
6.8 Safety software cams and safety cam track (SN) . . . . . . . . . . . . . . . . . . . . 6-175
6.8.1 Safe software cams (4 cam pairs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-176
6.8.2 Safe cam track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-180
7 Connecting Sensors/Actuators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-189
7.1 Safety--relevant input/output signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-189
7.1.1 Overview of the SGEs/SGAs and their structure . . . . . . . . . . . . . . . . . . . . . 7-189
7.1.2 Forced checking procedure of SPL signals . . . . . . . . . . . . . . . . . . . . . . . . . . 7-195
7.1.3 Connecting sensors -- actuators using the 3--terminal concept . . . . . . . . . 7-197
7.1.4 Sensor connection using the 4--terminal concept . . . . . . . . . . . . . . . . . . . . . 7-200
7.1.5 Multiple distribution and multiple interlocking . . . . . . . . . . . . . . . . . . . . . . . . 7-201
7.2 Connecting I/O via PROFIsafe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-204
7.2.1 Function description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-204
7.2.2 System structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-206
7.2.3 Configuring and parameterizing the PROFIsafe I/O . . . . . . . . . . . . . . . . . . 7-208
7.2.4 Parameterizing the F master (NCK) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-215
7.2.5 Parameterizing the PROFIsafe communication (NCK) . . . . . . . . . . . . . . . . 7-215
7.2.6 parameterizing the SPL--SGE interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-218
7.2.7 Parameterizing the SPL--SGA interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-223
7.2.8 Module type (NCK) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-227
7.2.9 Parameterizing the F master (PLC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-227
7.2.10 Response times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-228
7.2.11 Functionality of the SPL input/output data . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-231
7.2.12 Functional secondary conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-232

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition xi
Content 10/15

7.2.13 PROFIsafe communication behavior when system errors occur . . . . . . . . 7-233

7.3 Modular PROFIsafe I/O interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-234
7.3.1 PROFIsafe input modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-234
7.3.2 PROFIsafe output modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-237
7.4 Safety--related CPU--CPU communication (F_DP communication) . . . . . 7-239
7.4.1 Configuring and parameterizing the F_DP communication . . . . . . . . . . . . 7-242
7.4.2 Sender F_SENDDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-245
7.4.3 Receiver F_RECVDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-256
7.4.4 Mapping the SIMATIC blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-269
7.4.5 Parameterizing the PLC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-271
7.4.6 Clock cycle setting of the F_DP communication . . . . . . . . . . . . . . . . . . . . . 7-272
7.4.7 Response times of the F_DP communication . . . . . . . . . . . . . . . . . . . . . . . . 7-272
7.4.8 Boot behavior of the F_DP communication . . . . . . . . . . . . . . . . . . . . . . . . . . 7-275
7.4.9 Communication error after the control boots and active SPL processing 7-277
7.4.10 Communication error when the control boots before SPL
processing starts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-280
7.4.11 Acknowledging a communication error with channel_1 reset . . . . . . . . . . . 7-280
7.4.12 F_DP communication for a system error . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-281
7.4.13 NCK/PLC data exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-283
7.4.14 Effects on the SPL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-283
7.4.15 Functionality of the SPL input/output data . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-284
7.4.16 Boundary conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-285
7.5 Safe programmable logic (SPL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-286
7.5.1 Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-286
7.5.2 Synchronized actions for Safety Integrated . . . . . . . . . . . . . . . . . . . . . . . . . 7-291
7.5.3 User configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-292
7.5.4 NCK--SPL program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-293
7.5.5 Starting the SPL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-295
7.5.6 Language scope for SAFE.SPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-301
7.5.7 Diagnostics/commissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-307
7.5.8 Safe software relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-308
7.5.9 System variables for SINUMERIK 840D sl . . . . . . . . . . . . . . . . . . . . . . . . . . 7-316
7.5.10 Behavior after power on / mode change / reset . . . . . . . . . . . . . . . . . . . . . . 7-321
7.5.11 SPL data on the PLC side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-321
7.5.12 Direct communications between NCK and PLC--SPL . . . . . . . . . . . . . . . . . 7-323
7.6 Safe Brake Test (SBT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-324
7.6.1 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-324
7.6.2 Parameterization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-325
7.6.3 Torque limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-329
7.6.4 Traversing direction for the brake test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-330
7.6.5 Brake control for SINUMERIK 840D sl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-330
7.6.6 Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-331
7.6.7 Description of FB11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-334
7.6.8 Application example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-336
7.6.9 Boundary conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-343
7.7 Safety Info Channel and Safety Control Channel . . . . . . . . . . . . . . . . . . . . . 7-344
8 Data Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-347
8.1 Machine data for SINUMERIK 840D sl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-347
8.1.1 Overview of the machine data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-347
8.1.2 Description of machine data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-354

© Siemens AG 2015 All Rights Reserved

xii SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Content

8.2 Parameters for SINAMICS S120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-430

8.2.1 Parameter overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-431
8.2.2 Description of parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-437
8.3 NCK--MD, that are read from Safety Integrated . . . . . . . . . . . . . . . . . . . . . . 8-494
8.4 Drive parameters that are read from the NCK--SI . . . . . . . . . . . . . . . . . . . . 8-495
8.5 Protection checksum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-497
8.6 Interface signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-498
8.6.1 Interface signals for SINUMERIK 840D sl . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-499
8.6.2 Description of the interface signal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-500
8.6.3 PLC data block (DB 18) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-510
8.6.4 Axis signals: Safety Control Channel (SCC) / Safety Info Channel (SIC) 8-528
8.7 System variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-530
8.7.1 System variables for SINUMERIK 840D sl . . . . . . . . . . . . . . . . . . . . . . . . . . 8-530
8.7.2 Description of the system variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-536
9 Commissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-549
9.1 Pictures of the user interface and softkeys . . . . . . . . . . . . . . . . . . . . . . . . . . 9-550
9.2 Procedure when commissioning the drive for the first time . . . . . . . . . . . . 9-562
9.3 Series commissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-568
9.4 Changing machine data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-570
9.5 Acceptance test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-572
9.5.1 General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-572
9.5.2 Conventional acceptance test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-580
9.5.3 Acceptance test support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-583
9.6 Replacing a motor or encoder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-588
10 Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-597
10.1 Troubleshooting procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-597
10.1.1 Service displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-598
10.1.2 Safety Integrated global checksums . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-614
10.1.3 Integrating safety SPL user alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-618
10.1.4 Trace bit graphics for Safety Integrated . . . . . . . . . . . . . . . . . . . . . . . . . . 10-624
10.2 NCK safety alarms for Sinumerik 840D sl . . . . . . . . . . . . . . . . . . . . . . . . 10-633
10.3 Safety messages for SINAMICS S120 . . . . . . . . . . . . . . . . . . . . . . . . . . 10-741
10.3.1 General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-741
10.3.2 List of faults and alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-744
10.4 Safety PLC alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-794
10.5 Reducing the number of alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-796
10.5.1 Alarm suppression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-796
10.5.2 Assigning priorities to alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-798
11 Interaction with other functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-801
11.1 Limiting the speed setpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-801
11.2 Setpoint exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-802
11.3 Measuring system changeover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-805

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition xiii
Content 10/15

11.4 Gantry axes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-805

11.5 Parking axis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-805
11.6 Incremental encoder functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-806
11.7 OEM applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-807
11.8 NCU link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-808
11.9 Behavior of the Sim--NCK systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-808
11.10 Behavior of Safety Integrated when the communication fails . . . . . . . . 11-810
11.10.1 Delayed pulse cancellation in the event of communication failure . . . 11-810
A Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-815
A.1 Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-815
A.2 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-817
A.3 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-818
A.4 Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-823
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-825

© Siemens AG 2015 All Rights Reserved

xiv SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Regulations and standards 1
1.1 General information

1.1.1 Objective

Manufacturers and operators of technical equipment and products are responsible

in minimizing the risk from plants, machines and other technical equipment corres-
ponding to state--of--the--art technology. Regulations and standards are essential
documents that define the minimum requirements to minimize risks. By maintaining
these minimum requirements, the company erecting a plant or a manufacturer of a
machine or a piece of equipment can prove that they have fulfilled their obligation
to exercise care and diligence.
Safety systems are designed to minimize potential hazards for both people and the
environment by means of suitable technical equipment, without restricting industrial
production and the use of machines more than necessary. Protection of man and
the environment is to be standardized using internationally harmonized safety stan-
dards. Further, unfair competition due to different local requirements is to be avoi-
ded.
There are different concepts and requirements in the various regions and countries
of the world when it comes to ensuring the appropriate degree of safety. The legis-
lation and the requirements of how and when proof is to be given and whether
there is an adequate level of safety are just as different as the assignment of
responsibilities.
For manufacturers of machines and companies that erect plants and systems it is
important that the local legislation and regulations always apply for that country
where the machine or plant is being operated. For instance, the control system of a
machine, that is to be used in the US, must fulfill the local US requirements even if
the machine manufacturer (OEM) is based in the European Economic Area (EEA).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-15
Regulations and standards 10/15
1.2 Safety of machinery in Europe

1.1.2 Functional safety

From the perspective of the object to be protected, safety is indivisible. The causes
of hazards and therefore also the technical measures to avoid them can vary signi-
ficantly. This is the reason that a differentiation is made between different types of
safety -- e.g. by specifying the cause of possible hazards. ”Functional safety” is
involved if safety depends on the correct function.
In order to achieve the functional safety of a machine or plant, it is necessary that
the safety--related parts of the protection and control devices function correctly.
And not only this, when faults develop, they must behave so that either the plant
remains in a safe state or it is brought into a safe state.
In this case, it is necessary to use specially qualified technology that fulfills the re-
quirements described in the relevant standards. The requirements to achieve func-
tional safety are based on the following basic goals:
S Avoiding systematic faults,
S Controlling systematic faults,
S Controlling random faults or failures.
The level of the functional safety achieved is expressed using different terms in the
standards. In EN 61508, EN 62061, EN 61800--5--2: ”Safety Integrity Level” (SIL)
and EN ISO 13849--1 ”Performance Level” (PL).

1.2 Safety of machinery in Europe

The EU Directives that apply to the implementation of products are based on Arti-
cle 95 of the EU contract, which regulates the free exchange of goods. These are
based on a new global concept (”new approach”, ”global approach”):
S EC directives only specify general protection goals and define basic safety re-
quirements.
S Technical details can be defined by means of standards by Standards Associa-
tions that have the appropriate mandate from the commission of the European
Parliament and Council (CEN, CENELEC). These standards are harmonized in
line with a specific directive and listed in the official journal of the commission of
the European Parliament and Council. Legislation does not specify that certain
standards have to be complied with. When the harmonized standards are com-
plied with, then it can be assumed that all of the applicable safety requirements
and specifications of the directives involved are fulfilled.
In order to market or sell a product in the European Economic Area (EEA), this
product must fulfill the protective goals and requirements of all of the applicable EC
directives. For machines, in addition to the machinery directive, these can also inc-
lude e.g. the EMC directive, the noise protection directive, the guideline for explo-
sion protection, the low--voltage directive.

© Siemens AG 2015 All Rights Reserved

1-16 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Regulations and standards
1.2 Safety of machinery in Europe

1.2.1 Machinery directive (2006/42/EC)

With the introduction of a European Economic Area, a decision was made that the
domestic standards and regulations of all of the EEA Member States – that are
involved with the technical implementation of machines -- would be harmonized.
This means that the machinery directive had to be implemented -- as an internal
market directive -- as far as the content was concerned -- in the domestic legisla-
tion of the individual Member States. For the Machinery Directive, this was realized
with the aim of achieving standard safety objectives and, in turn, removing techni-
cal trade barriers. Corresponding to its definition ”a machine is an assembly of lin-
ked parts or components -- at least one of which moves”, this directive is extremely
extensive. With the revised version from 2006, the range of applications has been
expanded to include, among other things, ”Logic units for safety functions”.
The machinery directive involves the implementation of machines. The basic safety
and health requirements specified in Annex I of the Directive must be fulfilled for
the safety of machines.
The protective goals must be responsibly implemented in order to fulfill the require-
ments for conformity with the directive.
The manufacturer of a machine must provide proof that his machine is in com-
pliance with the basic requirements. This verification is facilitated by means of har-
monized standards.

1.2.2 Harmonized European standards

The two Standards Organizations CEN (Comité Européen de Normalisation) and

CENELEC (Comité Européen de Normalisation Électrotechnique), mandated by
the EU Commission, drew--up harmonized European standards in order to preci-
sely specify the requirements of the EC directives for a specific product. These
standards (EN standards) are published in the official journal of the commission of
the European Parliament and Council and must be included without revision in do-
mestic standards. They are designed to fulfill basic health and safety requirements
as well as the protective goals specified in Annex I of the Machinery Directive.
When the harmonized standards are complied with, then there is an ”automatic
assumption” that the directive is fulfilled. This means that the manufacturer may
then assume that he has complied with the safety aspects of the directive under
the assumption that they are also handled in that particular standard. However, not
every European Standard is harmonized in this sense. Key here is the listing in the
official journal of the commission of the European Parliament and Council.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-17
Regulations and standards 10/15
1.2 Safety of machinery in Europe

European standards relating to the safety of machines are structured in a hierarchi-

cal manner as follows:
S A standards (basic standards)
S B standards (group standards)
S C standards (product standards)
Type A standards/basic standards
A standards include basic terminology and definitions relating to all types of
machine.
A standards are aimed primarily at the bodies responsible for setting the B and C
standards. The measures specified here for minimizing risk, however, may also be
useful for manufacturers if no applicable C standards have been defined.
Type B standards/group standards
B standards cover all safety--related standards for various different machine types.
B standards are also aimed primarily at the bodies responsible for setting C stan-
dards. They can also be useful for manufacturers during the machine design and
construction phases, however, if no applicable C standards have been defined.
A further sub--division has been made for B standards, and more precisely in:
-- Type B1 standards for higher--level safety aspects, e.g. basic ergonomic
principles, safety clearances from hazards, minimum clearances to avoid
crushing parts of the body.
-- Type B2 standards for protective safety devices are defined for various
machine types – e.g. Emergency Stop devices, two--hand operating circuits,
interlocking elements, contactless protective devices, safety--related parts of
controls.
Type C standards/product standards
C standards are standards for specific products – for instance, machine tools,
woodworking machines, elevators, packaging machines, printing machines etc.
Product standards list requirements for specific machines. The requirements can,
under certain circumstances, deviate from the basic and group standards. Type
C/product standards have the highest priority for machine manufacturers The
machine manufacturer can then assume that it fulfills the basic requirements of
Attachment I of the machinery directive (automatic presumption of compliance).
If no product standard has been defined for a particular machine, type B standards
can be applied when the machine is being constructed.
A complete list of the standards and the mandated draft standards are available on
the Internet at the following address:
http://www.newapproach.org/
Recommendation: Due to the rapid pace of technical development and the asso-
ciated changes in machine concepts, the standards (and C standards in particular)
should be checked to ensure that they are up to date. Where appropriate, note that
the application of a particular standard may not be mandatory provided that all the
safety requirements of the applicable EC directive are fulfilled.

© Siemens AG 2015 All Rights Reserved

1-18 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Regulations and standards
1.2 Safety of machinery in Europe

1.2.3 Standards for implementing safety-- related controls

If the functional safety of the machine depends on control functions, then the con-
trol must be implemented so that the probability of failure of the safety--related
functions is sufficiently low. The standards EN ISO 13849--1 and EN 62061 define
guidelines for implementing safety--related machine controls which, when properly
applied, ensure that all the safety requirements of the EC Machinery Directive are
fulfilled. These standards ensure that the relevant safety requirements of the Ma-
chinery Directive are fulfilled.

Any architectures, Defined architectures, restricted

all SIL 1 -- 3 (from PL b) maximum PL for electronics

EN 62061
Safety of machinery EN ISO 13849
Functional safety, safety-- Safety of machinery
related electrical, electronic
Safety--related parts of
and programmable electronic controls
control systems

Sector standard EN 62061 for For deviations from the defined

the area of machines below architectures, reference to
EN 61508 EN 61508

Universal use for electrical, electronic and programmable electronic

systems, that execute safety functions or guarantee functional safety

EN 61508
functional safety, safety--related electrical/electronic/
programmable electronic control systems
(Parts 0 to 7)

The areas of application of EN ISO 13849--1, EN 62061, and the series of

EN 61508 standards are very similar. In order to help users make a decision, the
application areas of both standards are listed in a common table in the introduction
to the standard. Either EN ISO 13849--1 or EN 62061 are applied depending on
the technology (mechanical, hydraulic, pneumatic, electrical, electronic, program-
mable electronic), risk classification, or architecture.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-19
Regulations and standards 10/15
1.2 Safety of machinery in Europe

Systems for executing EN ISO 13849--1 EN 62061

safety--related control
functions
A Non--electrical (e.g. hydraulic, X Not covered
pneumatic)
B Electromechanical (e.g. relay Restricted to the designated ar- All architectures and max. up to
and/or basic electronics) chitectures (see comment 1) SIL 3
and max. up to PL = e
C Complex electronics (e.g. pro- Restricted to the designated ar- All architectures and max. up to
grammable electronics) chitectures (see comment 1) SIL 3
and max. up to PL = d
D A combined with B Restricted to the designated ar- X
chitectures (see comment 1) See comment 3
and max. up to PL = e
E C combined with B Restricted to the designated ar- All architectures and max. up to
chitectures (see comment 1) SIL 3
and max. up to PL = d
F C combined with A or X X
C combined with A and B See comment 2 See comment 3
”X” indicates that the point is covered by this standard.
Comment 1:
Designated architectures are described in Annex B of EN ISO 13849--1 and provide a simplified basis for
the quantification
Comment 2:
For complex electronics: Using designated architectures in compliance with EN ISO 13849--1 up to
PL = d or every architecture in compliance with EN 62061
Comment 3:
For non--electrical systems: Use parts/components that correspond to EN ISO 13849--1 as subsystems

1.2.4 EN ISO 13849-- 1

EN ISO 13849--1 is based on previous standard EN 954--1, and additionally

requires a quantitative consideration of the safety functions. The following safety--
related parameters are required for components/devices:
S Category (structural requirement)
S PL: Performance Level
S MTTFd: Mean time to dangerous failure
S DC: Diagnostics Coverage
S CCF: Common Cause Failure
The standard describes how the performance level (PL) is calculated for safety--
related components of the controller on the basis of designated architectures. In
the event of any deviations from this, EN ISO 13849--1 refers to EN 61508.
When combining several safety--related parts to form a complete system, the stan-
dard explains how to determine the resulting PL.

© Siemens AG 2015 All Rights Reserved

1-20 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Regulations and standards
1.2 Safety of machinery in Europe

1.2.5 EN 62061

EN 62061 (this is identical to IEC 62061) is a sector--specific standard below

EN 61508. It describes the implementation of safety--related electrical control
systems of machines and takes into account the complete lifecycle -- from the con-
ceptual phase to de--commissioning. The standard is based on the quantitative and
qualitative analyses of safety functions,
whereby it systematically applies a top--down approach to implementing complex
control systems (known as ”functional decomposition”). The safety functions deri-
ved from the risk analysis are sub--divided into sub--safety functions, which are
then assigned to real devices, subsystems, and subsystem elements. Both the
hardware and software are covered. EN 62061 also describes the requirements
placed on implementing application programs.
A safety--related control systems comprises different subsystems. From a safety
perspective, the subsystems are described by means of the characteristic quanti-
ties (SIL claim limit and PFHD).
Programmable electronic devices, e.g. PLCs or variable--speed drives must
comply with EN 61508. They can then be integrated into the control system as
subsystems. The following safety--related characteristic quantities must be speci-
fied by the manufacturers of these devices.
Safety--related characteristic quantities for subsystems:
S SIL CL: SIL claim limit
S PFHD: Probability of dangerous failures per hour
S T1: Lifetime
Basic subsystems, e.g. sensors and actuators comprising electromechanical com-
ponents, can, in turn, comprise different interconnected subsystem elements (devi-
ces) with the characteristic quantities to determine the corresponding PFHD value
of the subsystem.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-21
Regulations and standards 10/15
1.2 Safety of machinery in Europe

Safety--related characteristic quantities for subsystem elements (devices):

S λ: Failure rate
S B10 value: for elements that are subject to wear
S T1: Lifetime
For electro--mechanical devices, a manufacturer specifies a failure rate λ referred
to the number of operating cycles. The failure rate per unit time and the lifetime
must be determined using the switching frequency for the particular application.
Parameters for the subsystem, which comprises subsystem elements, that must
be defined during the design phase:
S T2: Diagnostic test interval
S β: Susceptibility to common cause failure
S DC: Diagnostic coverage
The PFHD value of the safety--related control system is determined by adding the
individual PFHD values of the subsystems.
The user has the following options when setting up a safety--related control sy-
stem:
S Using devices and subsystems that already comply with EN ISO13849--1 or
EN 61508 and/or EN 62061. The standard provides information specifying how
qualified devices can be integrated when safety functions are implemented.
S Develop own subsystems.
-- Programmable, electronic systems and complex systems: Application of
EN 61508 or EN 61800--5--2.
-- Simple devices and subsystems: Application of EN 62061.
Data on non--electrical systems is not included in EN 62061. The standard provi-
des detailed information on implementing safety--related electrical, electronic, and
programmable electronic control systems. EN ISO 13849--1 must be applied for
non--electric systems.

Note
Details of basic subsystems that have been implemented and integrated are
available as function examples.

Note
IEC 62061 has been ratified as EN 62061 in Europe and harmonized as part of the
Machinery Directive.

© Siemens AG 2015 All Rights Reserved

1-22 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Regulations and standards
1.2 Safety of machinery in Europe

1.2.6 Series of standards EN 61508 (VDE 0803)

The series of standards describe state--of--the--art technology.

EN 61508 is not harmonized in line with any EU directives, which means that an
automatic presumption of conformity for fulfilling the protective requirements of a
directive is not implied. However, the manufacturer of a safety--related product can
use EN 61508 to fulfill basic requirements from the European directives according
to the new concept. For instance in the following cases:
S If no harmonized standard exists for the application in question. In this case, the
manufacturer can use EN 61508, although no presumption of conformity ap-
plies here.
S A harmonized European standard (e.g. EN 62061, EN ISO 13849,
EN 60204--1) makes reference to EN 61508. This ensures that the appropriate
requirements of the directives are complied with (”standard that is also applica-
ble”). If the manufacturer correctly applies EN 61508 in the sense of this refe-
rence and acts responsibly, then he uses the presumption of conformity of the
referencing standard.
EN 61508 covers all the aspects that must be taken into account when E/E/PES
systems (electrical, electronic, and programmable electronic systems) are used in
order to execute safety functions and/or to ensure the appropriate level of functio-
nal safety. Other hazards, e.g. hazards as a result of electric shock are not inclu-
ded in the standard.
A new aspect of EN 61508 is its positioning as ”International Basic Safety Publi-
cation”, which makes it a framework for other sector--specific standards (e.g.
EN 62061). As a result, this standard is now accepted worldwide, particularly in
North America and in the automotive industry. Today, many regulatory bodies
already specify it, e.g. as basis for NRTL listing.
A new aspect of EN 61508 is also its system approach. This extends the technical
requirements to the complete safety installation -- from the sensor to the actuator --
the quantification of the probability of dangerous failure due to random hardware
failures and the generation of documentation associated with every phase of the
complete safety--related lifecycle of the E/E/PES.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-23
Regulations and standards 10/15
1.2 Safety of machinery in Europe

1.2.7 EN 60204-- 1

European standard EN 60204--1 is based on the modified ISO edition of

IEC 60204--1. It includes general requirements and recommendations for the elec-
trical, electronic and programmable electronic equipment of machines with rated
voltages up to and including 1000 V AC/ 1500 V DC at rated frequencies up to and
including 200 Hz, in order to:
-- Promote the safety of persons and assets
-- Maintain the correct functioning
-- Simplify service and maintenance

The equipment, which is covered by EN 60204--1, starts at the point of connection

to the line supply of the electrical equipment of the machine and ends at the motor
shaft.

1.2.8 EN 61800-- 5-- 2

The European product standard EN 61800--5--2 has taken the international stan-
dard IEC 61800--5--2 without any changes.
It defines requirements and gives recommendations for designing and developing,
integrating and validating safety--relevant power drive systems with adjustable
speed (PDS(SR)) regarding their functional safety.
This standard is only applicable if the functional safety of a PDS(SR) is used and
the PDS(SR) is operated in a mode with a high number or continuous demand
(demand mode). The EN 61508 series of standards should be used for operating
modes with a low demand (low demand mode).
This part of EN 61800 discusses the safety--related evaluation of a PDS(SR) within
the framework of the EN 61508 series of standards and introduces requirements
placed on a PDS(SR) as subsystems of a safety--relevant system. This therefore
permits the implementation of the electrical/electronic/programmable electronic
(E/E/PE) elements of a PDS(SR) taking into account the safety--relevant perfor-
mance of the safety function(s) of a PDS.
Manufacturers and suppliers of PDS(SR) can prove to users (i.e. integrators of
control systems, developers of machines and plants etc.) the safety--relevant
performance of their equipment by implementing the specifications laid down in
EN 61800--5--2. When this part of EN 61800 is complied with, all of the require-
ments of the EN 61508 series of standards, which are specified for a PDS(SR),
are fulfilled.
This part of EN 61800 is only valid for PDS(SR), which implement safety functions
up to SIL 3.
The following basic requirements of the EC machinery directive are covered in
EN 61800--5--2:
S Safety and reliability of controls
S Faults in control circuits.

© Siemens AG 2015 All Rights Reserved

1-24 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Regulations and standards
1.2 Safety of machinery in Europe

1.2.9 Risk analysis/assessment

Systems and machines represent risks due to their design and functionality. For
this reason, the Machinery Directive requires that a risk assessment be performed
for each machine and, if necessary, the level of risk reduced until the residual risk
is less than the tolerable risk. To assess these risks, the following standard must
be applied:
S DIN EN ISO 12100 ”Safety of Machinery -- General Design Principles -- Risk
Assessment and Minimizing Risks”
S DIN EN ISO 13849--1 ”Safe control of machinery -- Safety--related parts of
control systems”
EN ISO 12100 mainly describes the risks to be considered and the design princi-
ples to minimize risks -- as well as the iterative process when assessing and redu-
cing risks to achieve the appropriate degree of safety.
Risk assessment is a procedure that allows hazards resulting from machines to be
systematically investigated. Where necessary, the risk assessment is followed by a
risk reduction procedure. When this procedure is repeated, an iterative process is
obtained (see Fig. 1-1), which can then be used to eliminate hazards as far as pos-
sible and so that the appropriate protective measures can be taken.
The risk assessment involves the
S Risk analysis
a) Determining the machine limits
b) Identifying hazards
c) Techniques to estimate risk
S Risk evaluation
As part of the iterative process to achieve the appropriate degree of safety, after
the risk has been analyzed the risk is assessed. Then, a decision must be made
as to whether the residual risk must be reduced. If the risk is to be further reduced,
suitable protective measures must be selected and applied. The risk assessment
must then be repeated.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-25
Regulations and standards 10/15
1.2 Safety of machinery in Europe

START

Determine the machine limits

Identify the potential hazard Risk analysis Risk assessment

Risk estimation

Risk evaluation

Yes END
Is the machine safe?

No

Risk minimization

Minimizing risks and selecting suitable protective measures are not part of the risk assessment

Figure 1-1 Iterative process to achieve safety in compliance with DIN EN ISO 12100

Risks must be reduced by suitably designing and implementing the machine. For
instance a control system or protective measures suitable for the safety--related
functions.
If the protective measures involve the use of interlocking or control functions, these
must be designed in accordance with EN ISO 13849--1. For electrical and electro-
nic controls, EN 62061 can be used as an alternative to EN ISO 13849--1. Electro-
nic controls and bus systems must also comply with EN 61508.

© Siemens AG 2015 All Rights Reserved

1-26 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Regulations and standards
1.2 Safety of machinery in Europe

1.2.10 Risk minimization

Risk minimization measures for a machine can be implemented using safety--rela-

ted control functions in addition to structural measures. To implement these control
functions, special requirements must be taken into account, graded according to
the magnitude of the risk. These are described in EN ISO 13849--1 or, in the case
of electrical control systems (particularly programmable electronics), in EN 61508
or EN 62061.
The requirements relating to safety--related parts of control systems are graded
according to the magnitude of the risk and the level to which the risk needs to be
reduced.
EN ISO 13849--1 defines a risk flow chart that instead of categories results in hie-
rarchically graduated Performance Levels (PL).
EN 62061 and the series of EN 61508 standards use the ”Safety Integrity Level”
(SIL) to make this type of classification. This is a quantified measure of the safety--
related performance of a control system.
The necessary SIL is also determined using the principle of risk assessment accor-
ding to EN ISO 14121 (EN 1050). A technique to determine the required Safety
Integrity Level (SIL) is described in Annex A of EN 62061.
It is always important, independent of which standard is applied, that all parts of
the machine control system that are involved in executing safety--related functions
fulfill these requirements.

1.2.11 Residual risk

In today’s technologically advanced world, the concept of safety is relative. In prac-

tice, safety cannot be implemented that guarantees a ”zero risk” situation. The re-
sidual risk is the risk that remains once all the relevant protective measures have
been implemented in accordance with the latest state of the art technology.
Residual risks must be clearly referred to in the machine/plant documentation (user
information according to EN ISO 12100).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-27
Regulations and standards 10/15
1.3 Machine safety in the USA

1.3 Machine safety in the USA

An essential difference in the legal requirements regarding safety at work between
the US and Europe is the fact that in the US there is no legislation regarding ma-
chinery safety that is applicable in all of the US states and that defines the respon-
sibility of manufacturers/sales&marketing organizations. On the other hand, there
is a general requirement that the employer must offer a safe workplace.

1.3.1 Minimum requirements of the OSHA

The Occupational Safety and Health Act (OSHA) from 1970 regulates the require-
ment that employers must offer a safe place of work. The core requirements of
OSHA are in Section 5 ”Duties”.
The requirements of the OSH Act are administered by the Occupational Safety and
Health Administration (also known as OSHA). OSHA employs regional inspectors
that check whether workplaces are in compliance with the valid regulations.
The regulations of OSHA, relevant for safety at work, are described in OSHA 29
CFR 1910.xxx (”OSHA Regulations (29 CFR) PART 1910 Occupational Safety and
Health”). (CFR: Code of Federal Regulations.)
http://www.osha.gov
The application of standards is regulated in 29 CFR 1910.5 ”Applicability of stan-
dards”. The concept is similar to that used in Europe. Standards for specific pro-
ducts have priority over general standards if the relevant aspects are handled
there. When the standard is fulfilled, the employer can assume that he has fulfilled
the core requirements of the OSM Act regarding the aspects handled by the stan-
dards.
In conjunction with certain applications, OSHA specifies that all electrical equip-
ment and devices that are used to protect workers must be authorized by an
OSHA--certified, Nationally Recognized Testing Laboratory (NRTL) for the specific
application.
In addition to the OSHA regulations, it is important that the current standards from
organizations such as NFPA and ANSI are carefully observed as well as the exten-
sive product liability legislation that exists in the US. Due to the product liability le-
gislation, it is in the interests of manufacturing and operating companies that they
carefully maintain the applicable regulations and are ”forced” to fulfill the require-
ment to use state--of--the--art technology.
Third--party insurance companies generally demand that their customers fulfill the
applicable standards of the Standards Organizations. Initially, self--insured compa-
nies do not have this requirement, but, in the case of an accident, they must prove
that they have applied generally recognized safety principles.

© Siemens AG 2015 All Rights Reserved

1-28 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Regulations and standards
1.3 Machine safety in the USA

1.3.2 NRTL Listing

All electrical equipment and devices that are used in the US to protect workers
must be certified for the particular application by a ”Nationally Recognized Testing
Laboratory” (NRTL) certified by OSHA. NRTLs are authorized to certify equipment
and material by means of listing, labeling, or similar. Domestic standards such as
the NFPA 79 and also international standards such as e.g. the series of IEC 61508
standards for E/E/PES systems form the basis for testing.

1.3.3 NFPA 79

NFPA 79 (Electrical Standard for Industrial Machinery) applies to electrical equip-

ment on industrial machines with rated voltages of less than 600 V. (A group of
machines that operate together in a coordinated fashion is also considered to be
one machine.)
For programmable electronics and communication buses, NFPA 79 states as basic
requirement, that these must be listed if they are to be used to implement and ex-
ecute safety--related functions. If this requirement is fulfilled, then electronic con-
trols and communication buses can also be used for Emergency Stop functions,
Stop Categories 0 and 1 (refer to NFPA 79 9.2.5.4.1.4). Just like IEC 60204--1,
NFPA 79 no longer specifies that the electrical energy must be disconnected by
electromechanical means for Emergency Stop functions.
The core requirements placed on programmable electronics and communication
buses include:
System requirements (refer to NFPA 79 9.4.3)
S Control systems that include software--based controllers, must,
(1) If an individual fault occurs,
-- bring the system into a safe state to shut it down
-- prevent restarting until the fault has been removed
-- prevent unexpected starting
(2) Provide protection comparable to hard--wired controls
(3) Be implemented corresponding to a recognized standard that defines the
requirements for such systems.
S EN 61508, EN 62061, ISO 13849--1/--2, EN 61800--5--2 are mentioned in a note
that they are suitable standards.
Underwriter Laboratories (UL) has defined a special Category for ”Program-
mable Safety Controllers” for implementing this requirement (code NRGF). This
category covers control devices that contain software and are designed for use
in safety--related functions.
A precise description of the category and a list of devices that fulfill this require-
ment can be found on the Internet at the following address:

http://www.ul.com --> certifications directory --> UL Category code/ Guide infor-

mation --> search for category ”NRGF”

TUV Rheinland of North America, Inc. is also an NRTL for these applications.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-29
Regulations and standards 10/15
1.3 Machine safety in the USA

1.3.4 ANSI B11

ANSI B11 standards are joint standards, that were developed by associations such
as e.g. the Association for Manufacturing Technology (AMT) and the Robotic Indu-
stries Association (RIA).
The hazards of a machine are evaluated by means of a risk analysis/assessment.
Risk analysis is an important requirement in accordance with NFPA79, ANSI/RIA
15.06, ANSI B11.TR--3 and SEMI S10 (semiconductors). The documented findings
of a risk analysis can be used to select a suitable safety system based on the sa-
fety class of the application in question.

© Siemens AG 2015 All Rights Reserved

1-30 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Regulations and standards
1.4 Machine safety in Japan

1.4 Machine safety in Japan

The situation in Japan is different than that in Europe and the US. Comparable
legislation relating to functional safety, as is the case in Europe, does not exist.
Further, product liability does not play a role such as it is in the US.
There are no legal requirements to apply standards but an administrative recom-
mendation to apply JIS (Japanese Industrial Standard):
Japan bases its approach on the European concept and uses basic standards as
its national standards (see Table 1-1).

Table 1-1 Japanese standards

ISO/IEC number JIS number Remark

ISO12100 JIS B 9700--1 Earlier designation, TR B 0008
ISO14121--1 / EN1050 JIS B 9702
ISO13849--1 JIS B 9705--1
ISO13849--2 JIS B 9705--1
IEC60204--1 JIS B 9960--1 Without annex F or route map of the European foreword
IEC61508--0 to --7 JIS C 0508
IEC62061 JIS number not yet assigned

1.5 Equipment regulations

In addition to the requirements laid down in guidelines and standards, company--
specific requirements must be taken into account. Especially large corporations --
e.g. automobile manufacturers -- place high requirements on the automation com-
ponents, that are then often listed in their own equipment specifications.
Safety--related subjects (e.g. operating modes, operator actions with access to
hazardous areas, Emergency Stop concepts) should be clarified with customers at
an early phase so that they can be integrated in the risk assessment/risk reduction.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 1-31
Regulations and standards 10/15
1.6 Other safety--related issues

1.6 Other safety--related issues

1.6.1 Information sheets from the various regulatory bodies

Safety--related measures to be implemented cannot always be derived from

directives, standards or regulations. In this case, supplementary information and
explanations are required.
Some regulatory bodies issue publications on an extremely wide range of subjects.
Information sheets covering the following areas are available, for example:
S Process monitoring in production environments
S Axes subject to gravitational force
S Roller pressing machines
S Lathes and turning centers -- purchasing/selling
These information sheets handling specific subjects and issues can be ordered
from all parties interested -- e.g. for providing support in operations, when drawing--
up regulations or for implementing safety--related measures at machines, plants
and systems. These information sheets provide support in machinery construction,
production systems, steel construction.
At the following Internet address, under ”Service and Contact” --> ”Downloads” -->
”Information sheets FA MFS” you can download fact sheets (not only for axes that
can fall due to gravity, but also regarding process monitoring):
http://www.bghm.de

1.6.2 Additional references

S Safety Integrated: The Safety System for Industry (5th Edition and supple-
ment), Order No. 6ZB5 000--0AA01--0BA1
S Safety Integrated -- Terms and Standards -- Machine Safety Terminology
(Edition 04/2007), Order No. E86060--T1813--A101--A1

© Siemens AG 2015 All Rights Reserved

1-32 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Brief description 2
2.1 Control/drive system
In order to implement safety--related measures, up until now, external equipment
and devices were used -- e.g. contactors, switches, cams and monitoring devices.
If a hazardous situation is detected, these devices generally interrupt the power
circuit using contacts, thus stopping the motion, see Fig. 2-1.

External safety
technology

CNC

Drive
control unit
Drive
control Integrated
unit safety
technology

External safety
technology

M M

Figure 2-1 Safety technology: External ------>Integrated

With the integration of safety functions, drive systems and CNC controls perform
safety functions in addition to their functional tasks. Very short response times can
be achieved because of the short data paths from acquisition of the safety--related
information -- e.g. speed or position -- up to evaluation.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 2-33
Brief description 10/15
2.1 Control/drive system

The systems with integrated safety technology generally respond very quickly
when the permissible limit values are violated, e.g. position and velocity limit
values. They can be of decisive importance for the required monitoring result. The
integrated safety technology can directly access the power semiconductors in the
drive controller without using electromechanical switching devices in the power cir-
cuit. This helps reduce the susceptibility to faults -- and the integration also reduces
the amount of cabling.
A combination of safety technology integrated in the system and drive can be used
for each axis at a machine tool (SINAMICS Basic Safety functions).

© Siemens AG 2015 All Rights Reserved

2-34 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Brief description
2.2 Safety technology integrated in the system

2.2 Safety technology integrated in the system

SINUMERIK Safety Integrated

Using the SINUMERIK Safety Integrated function, for SINUMERIK 840D sl, for all
power/performance classes, integrated safety functions are available in conjunction
with the SINAMICS S120 drive system; these are used to monitor standstill (zero
speed), velocity and position.
SINAMICS S120 is used in conjunction with 1FT6/1FK6/1FK7 three--phase servo-
motors and 1FN linear motors for feed drives as well as 1FE and 1PH motors for
main spindle drives.
The safety--related sensors and actuators are connected through distributed I/O
via PROFIBUS--DP, PROFINET with the PROFIsafe profile, e.g. ET 200S,
ET 200pro, ET 200eco, DP/AS--i F--Link.
This means that a complete digital system is available that is suitable for complex
machining tasks.
A two--channel, diverse system structure is formed on the basis of an existing
multi--processor structure.

Safety-- Safety--
PLC
related related
sensors actuators
SPL--CDC Crosswise data
Comm. CDC comparison

NCK

Axis Crosswise data

CDC comparison
Measuring
value Drive
system control
Crosswise data Switch--off
Drive comparison signal paths
CDC

Motor Brake
Module
control Motor

=> Safety--related monitoring functions

Figure 2-2 Evaluation/logic with monitoring functions

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 2-35
Brief description 10/15
2.2 Safety technology integrated in the system

Features of the two--channel, diverse structure

A two--channel, diverse structure is characterized by the following features:
S Two--channel structure with at least 2 independent computers (i.e. computers
with different hardware and software).
S Crosswise result and data comparison with forced checking procedure for the
purpose of detecting internal errors even in functions that are not often used
(dormant errors).
S The computers can access data, reaction--free and decoupled at the shared
(common) interfaces (e.g. actual value input).

Detecting
The actual values of the individual axes are sensed by the sensor modules through
two channels and are provided to the drive and control.
In order to connect sensors and actuators in a safety--related fashion, their process
signals must be connected--in for further processing.

Evaluating
The safety--related functions are executed independently of one another by the
NCK--CPU, PLC--CPU and the drive CPUs. The CPUs cyclically and mutually com-
pare their safety--related data and results (crosswise data comparison). A test can
be carried out -- initiated by the CPUs -- to check the shutdown paths and actuators
(forced checking procedure).

Reacting
When the integrated safety--related functions respond, the drive processors, the
PLC processor and/or the NCK processor can act on the connected actuators in a
safety--related fashion in--line with the actual situation. For example, the appro-
priate stop responses for the drives can be initiated and the actuators shutdown via
the shutdown paths.

2.2.1 Overview of the safety functions integrated in the system

The safety--related functions are available in all of the operating modes and can
communicate with the process via safety--related input/output signals. They can be
implemented for each individual axis and spindle.
S Safe shutdown (stops)
When a monitoring function or a sensor responds (e.g. a light grid), the drives
are safely controlled down to standstill, optimally adapted to the actual opera-
ting state of the machine.

© Siemens AG 2015 All Rights Reserved

2-36 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Brief description
2.2 Safety technology integrated in the system

S Safe acceleration monitoring (SBR)

Monitors the speed characteristic. The speed must be reduced after a stop
request has been issued.
S Safe standstill (SH)
The drive pulses are suppressed, allowing the energy feed to be safely and
electronically disconnected.
S Safe operating stop (SBH)
Monitors the drives during standstill (to ensure that they remain stationary).
The drives remain fully functional in closed--loop control.
S Safely reduced speed (SG) including override
Configured speed limits are monitored, e.g. when setting--up without using an
agreement button.
S Safe speed range identification ”n<nx”
This is used to detect the velocity range of a drive in a safety--related fashion.
S Safe software limit switches (SE)
Variable traversing range limits
S Safety software cams and safety cam track (SN)
Range detection
S Safety--relevant input/output signals (SGE/SGA)
Interface to the process
S Safety--related communication via standard bus
Distributed I/Os for process and safety signals are connected via PROFIBUS
and PROFINET using the PROFIsafe profile.
S Safety CPU--CPU communication
Safety--relevant communication between safety--relevant controls to implement
hierarchic systems, e.g. transfer lines.
S Safe programmable logic (SPL)
All of the safe signals and internal logic are directly connected.
S Safe brake management (SBM)
Safety--related two--channel brake control (SBC) and cyclic brake test (SBT).
S Integrated acceptance test
Partially automated acceptance test for all safety--related functions. Simple ope-
ration of the test process, automatic configuration of trace functions and auto-
matic generation of an acceptance record.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 2-37
Brief description 10/15
2.3 Safety technology integrated in the drive

2.3 Safety technology integrated in the drive

SINAMICS Safety Integrated

The SINAMICS S120 drive system provides the Safety Integrated Basic Functions
and the Safety Integrated Extended Functions.
Under certain limitations and constraints (refer to the system prerequisites,
Chapter 3), the Safety Integrated Basic Functions can be used together with
SINUMERIK 840D sl.
They can be activated via terminals on the power unit and at the NCU or on the
NX module

External
safety-- Safety--
Safety--
related related
related
logic actuators
sensors

Drive
control

Switch--off Drive
signal path CDC

Motor Brake
Module
control Motor

=> Safety--related monitoring functions

Figure 2-3 Safety functions integrated in the drive in conjunction with SINUMERIK

Features of the two--channel, diverse structure

A two--channel, diverse structure is characterized by the following features:
S Two--channel structure with at least 2 independent computers (i.e. computers
with different hardware and software).
S Crosswise result and data comparison with forced checking procedure for the
purpose of detecting internal errors even in functions that are not often used
(dormant errors).

© Siemens AG 2015 All Rights Reserved

2-38 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Brief description
2.3 Safety technology integrated in the drive

Detecting
In order to connect sensors and actuators in a safety--related fashion, their process
signals must be connected--in for further processing.

Evaluating
The two drive CPUs independently execute the safety--related functions. The
CPUs cyclically and mutually compare their safety--related data and results (cross-
wise data comparison). A test can be carried out -- initiated by the CPUs -- to check
the shutdown paths and actuators (forced checking procedure).

Reacting
When the integrated safety--related functions respond, the drive processors can
act on the connected actuators in a safety--related fashion in--line with the actual
situation. For example, the appropriate stop responses for the drives can be initia-
ted and/or the brakes activated.

2.3.1 Overview of the safety functions integrated in the drive

The safety--related functions are available in all of the operating modes and can
communicate with the process via safety--related input/output signals. They can be
implemented for each individual axis and spindle.
S Safe Torque Off (STO)
The drive pulses are cancelled and therefore the energy feed is safely and elec-
tronically disconnected
S Safe Brake Control (SBC)
The brake is directly controlled at the Motor Module £ through two channels
and monitored
S Safe Stop 1 (SS1)
Braking along the OFF3 ramp, monitoring the stopping time and transition into
STO

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 2-39
Brief description 10/15
2.4 Comparison of the function names

2.4 Comparison of the function names

Function name Function name according to EN 61800--5--2

SINUMERIK Safety Integrated
German English Abbr. German English Abbr.
Sicherer Halt Safe standstill SH Sicher abgeschal- Safe Torque Off STO
(STOP A) (STOP A) tetes Moment
STOP B STOP B -- Sicherer Stop 1 Safe Stop 1 SS1
STOP C STOP C -- Sicherer Stop 2 Safe Stop 2 SS2
STOP D STOP D -- Sicherer Stop 2 1) Safe Stop 2 SS2
STOP E STOP E -- Sicherer Stop 2 2) Safe Stop 2 SS2
Sichere Überwa- Safe acceleration SBR -- -- --
chung auf Be- monitoring
schleunigung
Sicherer Betriebs- Safe Operating SBH Sicherer Betriebs- Safe Operating SOS
halt Stop halt Stop
Sicher reduzierte Safely reduced SG Sicher begrenzte Safely limited SLS
Geschwindigkeit speed Geschwindigkeit speed
SG--spezifische Safely reduced -- -- -- --
Sollwertbegren- speed -- specific
zung setpoint limiting
Sichere Softwa- Safe software limit SE Sicher begrenzte Safely limited po- SLP
reendschalter switch Lage sition
Sicheres Bremsen- Safe Brake Mana- SBM -- -- --
management gement
Sichere Bremsen- Safe Brake Control SBC Sichere Bremsen- Safe Brake Con- SBC
ansteuerung ansteuerung trol
Sicherer Bremsen- Safe Brake Test SBT -- -- --
test
Sichere Software-- Safe software cam, SN Sichere Nocken Safe cams SCA
Nocken bzw. Nok- safe cam track
kenspur
n < nx n < nx -- Sichere Drehzahl- Safe Speed Mo- SSM
überwachung nitor
Sicherheitsgerich- Safety--related I/O SGE/SGA -- -- --
tete Ein--/Ausgabe- F--DI/F--DO
signale
Sichere program- Safe Programma- SPL -- -- --
mierbare Logik ble Logic
Sicheres Software Safe software relay -- -- -- --
Relais
1) For drive--based safety functions of SINAMICS, this involves a delayed SOS
2) For drive--based safety functions of SINAMICS, this involves a delayed SOS with previous initiation of
ESR

© Siemens AG 2015 All Rights Reserved

2-40 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
System Features 3
3.1 System requirements
S Software option ”SINUMERIK Safety Integrated”

SI--Basic (including 1 axis/spindle, up to 4 SPL I/Os) 6FC5800--0AM63--0YB0

SI--Comfort (including 1 axis/spindle, up to 64 SPL I/Os) 6FC5800--0AM64--0YB0
SI--axis/spindle (in addition for each axis /spindle) 6FC5800--0AC70--0YB0
SI axis/spindle package (in addition, 15 axes/spindles) 6FC5800--0AC60--0YB0
SI--High Feature (including 1 axis/spindle to 192 SPL I/O) 6FC5800--0AS68--0YB0*
SI Connect (16 safe connections) 6FC5800--0AS67--0YB0

* only for NCU 720.x and NCU 730.x

S SINUMERIK 840D sl; software release:

From 1.3.1 for safety functions integrated in the drive (SH/SBC via terminals,
Chapter 4)
From 1.3.2 for safety functions integrated in the system (Chapters 5 to 7)
S Step7, V5.5

Warning
! In a system configuration, the firmware versions of the DRIVE--CLiQ components
can only differ from the versions on the CF card, if either
a) the automatic upgrade/downgrade (parameter p7826) is deactivated, or
b) components with a new firmware version can no longer be downgraded to the
status of the version available on the CF card.
Case a) is not permitted when Safety Integrated is used. The automatic
upgrade/downgrade must never be disabled when Safety Integrated is used.
(automatic firmware update (p7826) must be equal to 1)
Case b) is only permissible if this combination has been explicitly approved by the
manufacturer.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 3-41
System Features 10/15
3.1 System requirements

S SINUMERIK 840D sl; all NCU types can be used

S The measuring circuit cables must comply with the specifications of the SINA-
MICS S120
S Safety--related devices/modules, that correspond to open--type devices accor-
ding to UL 50, may only be operated in enclosure--type housings/cabinets that
have as a minimum degree of protection IP54 in accordance with EN 60529.
Further, chassis units with degree of protection IP20 and IPXXB should be ope-
rated corresponding to EN 60529 in higher--level enclosures.
S The state of a deleted/clear safety--related input or output (i.e. the state logical
”0” of an SGE/SGA and electrical ”low” of an associated I/O terminal) or the
state of a drive where the pulses are cancelled that can be achieved by the
user as well by the fault response of the ”SINUMERIK Safety Integrated” sy-
stem, is defined as the so--called ”fail--safe state”. This is the reason that the
system is only suitable for applications where this state corresponds to the safe
state of the process controlled by SINUMERIK Safety Integrated.
S Drives with slip cannot be used for SE and SN.
S The SINUMERIK Safety Integrated functions can be used in conjunction with
the SINAMICS booksize and chassis units (max. 2 units).
S For the Safety Integrated function, only the explicitly released encoder systems
may be used. A list of the Siemens encoders and motors permissible for Safety
Integrated functions can be obtained from your local Siemens contact partner.
S SINUMERIK Safety Integrated can be operated with a maximum of two chassis
units.
The following applies specifically for safety functions integrated in the drive:
S A software option is not required when using the SINAMICS Safety Integrated
Basic Functions.
The following specifically applies for fail--safe SIMATIC modules:
S STEP7 F configuration tool (F Configuration Pack) as supplement to STEP7
This F configuration tool is required so that ET 200 F modules or the DP/AS--i
F--Link can be integrated into the HW configuration.
The F configuration tool can be downloaded from the A&D Service&Support
pages under the topic F--Configuration--Pack. Which F configuration tool can
be used for which STEP7 version is also specified there.
http://support.automation.siemens.com/WW/view/en/15208817
When using ET 200 F modules or DP/AS--i F--Link it should be noted that a
version of the F configuration tool should be used that the module already
supports.
Which modules can be configured with which versions that can be downloaded
are also specified in the download area.

Note
Only the F--Configuration Pack is necessary to connect fail--safe SIMATIC
modules to SINUMERIK. Neither SIMATIC S7 Distributed Safety nor SIMATIC S7
F systems are required.

© Siemens AG 2015 All Rights Reserved

3-42 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 System Features
3.2 Latest information

3.2 Latest information

Important note for maintaining the operational safety of your system.

Warning
! Systems with safety--related characteristics are subject to special operational
safety requirements on the part of the operating company. The supplier is also
obliged to maintain certain measures regarding his product. For this reason, we
publish a special newsletter containing information on product developments and
features that are (or could be) relevant when operating safety--related systems. By
subscribing to the appropriate newsletter, you will ensure that you are always
up--to--date and able to make changes to your system, when necessary.

Go into the Internet under:

http://automation.siemens.com
To subscribe to the newsletter, please proceed as follows:
1. Select the desired language for the Web page.
2. Click on the menu item ”Support”.
3. Click on the menu item ”Newsletter”.

Note
You have to register and log in if you want to subscribe to any newsletters. You will
be led automatically through the registration process.

4. Click on ”Login” and log in with your access data. If you do not yet have a login
and password, select ”Yes, I would like to register now”.
You can subscribe to the individual newsletters in the following window.
5. Select the document type you wish to be informed about under ”Select docu-
ment type for topic and product newsletters”.
6. Under the ”Product Support” heading on this page, you can see which newslet-
ter is currently available.
7. Open the subject area ”Safety Engineering -- Safety Integrated”. You will now
be shown which newsletter is available for this particular subject area or topic.
You can subscribe to the appropriate newsletter by clicking on the box. If you
require more detailed information on the newsletters then please click on these.
A small supplementary window is opened from where you can take the appro-
priate information.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 3-43
System Features 10/15
3.3 Certifications

Your subscription should cover the following product areas:

S SINUMERIK Safety Integrated
S SINAMICS Safety Integrated
S SIMOTION Safety Integrated
S SIMATIC S7--300
S Distributed I/O
S SIMATIC software

3.3 Certifications
The safety functions fulfill the requirements according to EN 61508 for use up to
and including SIL2 in an operating mode with a high requirement rate and Cate-
gory 3 as well as PL d acc. to EN ISO 13849--1. The average time up to a hazar-
dous failure MTTFd and the probability of hazardous failures per hour PFHd de-
pend on the degree of expansion of the system.
The ”Safe brake test” function complies with Category 2 acc. to EN ISO 13849--1.

3.4 Probability of failure

For evaluation of a safety function (PFH value) we provide you, with the Safety
Evaluation Tool (SET), a TÜV (German Technical Inspectorate) certified and free
online tool. With the help of this tool, safety functions according to IEC 62061 or
ISO 13849 can be calculated. As result you will receive a standards--compliant
report that can be integrated in the machine documentation as proof of safety.
See: http://www.siemens.de/safety--evaluation--tool
For additional information, please contact your local Siemens office.

© Siemens AG 2015 All Rights Reserved

3-44 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 System Features
3.5 Safety information & instructions and residual risks

3.5 Safety information & instructions and residual risks

Note
There are additional safety information & instructions and residual risks in other
chapters, which are listed in the relevant locations in this documentation.

3.5.1 General residual risks for PDS (Power Drive Systems)

Danger
! The control and drive components of a power drive system (PDS) are approved
for industrial and commercial use in industrial line supplies. Their use in public line
supplies (public grids) requires a different configuration and/or additional
measures.
These components may only be operated in closed housings or in higher--level
control cabinets and when all of the protective devices and protective covers are
used.
These components may only be handled by qualified and trained technical
personnel who are knowledgeable and observe all of the safety information and
instructions on the components and in the associated technical user
documentation.
When carrying out a risk assessment of the machine in accordance with the EC
machinery directive, the machine manufacturer must consider the following
residual risks associated with the control and drive components of a Power Drive
System.
1. Unintentional movements of driven machine components during
commissioning, operation, maintenance, and repairs caused by, for example:
S Hardware and/or software errors in the sensors, control system, actuators
and connection systems
S Response times of the controller and drive
S Operation and/or environmental conditions outside the specification
S Parameterization, programming, cabling, and installation errors
S Use of radio devices / cellular phones in the immediate vicinity of the control
system
S External influences / damage
2. Exceptional temperatures as well as emissions of light, noise, particles, or gas
caused by, for example:
S Component malfunctions
S Software errors
S Operation and/or environmental conditions outside the specification
S External influences / damage

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 3-45
System Features 10/15
3.5 Safety information & instructions and residual risks

Danger
! 3. Hazardous touch voltages, e.g. as a result of:
S Component malfunctions
S Influence of electrostatic charging
S Induction of voltages in moving motors
S Operation and/or environmental conditions outside the specification
S Condensation/conductive contamination
S External influences / damage
4. Electrical, magnetic, and electromagnetic fields that can pose a risk to people
with a pacemaker and/or implants if they are too close.
5. Emission of pollutants if components or packaging are not disposed of properly.
For more information about residual risks, refer to the relevant chapters in the
technical user documentation.

© Siemens AG 2015 All Rights Reserved

3-46 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 System Features
3.5 Safety information & instructions and residual risks

3.5.2 Additional safety information & instructions and residual risks

for Safety Integrated

Danger
! Safety Integrated can be used to minimize the level of risk associated with
machines and plants.
Safe operation of the machine or plant with Safety Integrated is however only
possible if the machine manufacturer
-- is familiar with and observes every aspect of this technical user documentation,
including the documented general conditions, safety information, and residual
risks.
-- Carefully constructs and configures the machine/plant. A careful and thorough
acceptance test must then be performed by qualified personnel and the results
documented.
-- Implements and validates all the measures required in accordance with the
machine/plant risk analysis by means of the programmed and configured
Safety Integrated functions or by other means.
Depending on the risk assessment of the machine or plant, the safety information
& instructions and residual risks listed in this documentation must also be
assigned, when required, to a hazardous level other than that specified in this
documentation.
The use of Safety Integrated does not replace the risk assessment of the
machine or plant to be performed by the machine manufacturer as specified
in the EC machinery directive!
In addition to Safety Integrated, further risk reduction measures must be
implemented.

As a result of the fault analysis, the machine manufacturer is in a position to define

the residual risk at his machine regarding Safety Integrated. The following residual
risks are known.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 3-47
System Features 10/15
3.5 Safety information & instructions and residual risks

Warning
! S Safety Integrated is only activated if all of the system components are
powered--up and have been booted.
S Faults in the absolute track (C--D track), cyclically interchanged phases of
motor connections (V--W--U instead of U--V--W) and a reversal in the control
direction can cause an increase in the spindle speed or axis motion. Category 1
and 2 Stop functions according to EN 60204--1 (defined as Stop B to E in
Safety Integrated) that are provided are however not effective due to the fault.
Category 0 stop function according to EN 60204--1 (defined as Stop A in Safety
Integrated) is not activated until the transition or delay time set via machine
data has expired. When SBR is active, these faults are detected (STOP B/C)
and the Category 0 stop function according to EN 60204--1 (STOP A in Safety
Integrated) is activated as early as possible irrespective of this delay (see
Chapter 6.4, ”Safe Acceleration Monitoring”). Electrical faults (defective
components etc.) can also result in the response described above.
S When incremental encoders are used, the functions ”Safe software limit
switches” (SE) and ”Safe software cams or cam tracks” (SN) can only be used
after referencing has been successfully completed.
S When no user agreement has been given (see Chapter 5.4.4, ”User
agreement”), the safe software limit switches (SE) are not operative; the safe
software cams or cam tracks (SN) are operative, but are not safe as defined by
Safety Integrated.
S The simultaneous failure of two power transistors (one in the upper and the
other offset in the lower inverter bridge) in the inverter may cause the axis to
move briefly.
The maximum movement can be:
Synchronous rotary motors: Maximum movement = 360_ / pole number
Synchronous linear motors: Max. movement = pole width
Example: Synchronous motor:
For a 6--pole synchronous motor, the axis can move by a maximum of 60
degrees. With a ballscrew that is directly driven by, e.g. 20 mm per revolution,
this corresponds to a maximum linear motion of approximately 3.33 mm.
Example, synchronous linear motor:
For a synchronous linear motor, the movement can be a maximum of one pole
width. This corresponds to the following distances:
1FN1--07 27 mm
1FN1--12/--18/--24 36 mm
1FN3 20 mm

© Siemens AG 2015 All Rights Reserved

3-48 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 System Features
3.5 Safety information & instructions and residual risks

Warning
! S The ”Automatic restart” function of SINAMICS S120 must not be used in
conjunction with safety functions since this is prohibited in EN 60204--1,
Chapter 9.2.5.4.2. (Deselecting a safety shutdown function alone must not
result in machine restarting.)
S Encoder faults are detected using various hardware and software monitoring
functions. It is not allowed to disable these monitoring functions and they must
be parameterized carefully. Depending on the fault type and which monitor
responds, a Category 0 or Category 1 stop function according to EN 60204--1
(defined as STOP A or B in SINUMERIK Safety Integrated) is activated.
S The Category 0 stop function according to EN 60204--1 (defined as STOP A in
Safety Integrated) means that the spindles/axes are not braked to zero speed,
but coast to a stop (this may take an appropriately long time depending on the
level of kinetic energy involved) or can even be accelerated by drawing/pulling
loads. This must be included in the protective door locking mechanism logic,
e.g. with the logic operation n<nx.
S When a limit value is violated, the speed may exceed the set value briefly or
the axis/spindle may overshoot the setpoint position to a greater or lesser
degree during the period between error detection and system response. This
depends on the dynamic response of the drive and the parameters/machine
data settings that have been entered (see Chapter 6, ”System/drive integrated
safety functions”).
S A position--controlled axis may be forced out of the safe operating stop state
(SBH) by mechanical forces that are greater than the maximum torque of the
drive motor. In such cases, a stop function, Category 1 according to EN
60204--1 (STOP B) is activated.
S Safety Integrated is not capable of detecting parameterization and
programming errors made by the machine manufacturer. The required level of
safety can only be assured by careful acceptance testing.
S Motor modules and motors must always be replaced with the same equipment
type. If this is not the case, the parameters will no longer match the actual
configuration -- causing Safety Integrated to respond incorrectly. The axis
involved must be re--commissioned if an encoder is replaced.
S If an internal or external fault occurs, none or only some of the parameterized
safety functions are available during the STOP--F response triggered by the
fault. This must be taken into account when a delay time between STOP F and
STOP B is parameterized. This applies in particular to vertical axes.
S An additional residual risk is obtained as a result of the possible random
hardware faults for electronic systems, arising from their very principle, which is
expressed using this PFH value.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 3-49
System Features 10/15
3.5 Safety information & instructions and residual risks

Warning
! S If, for a 1--encoder system,
a) A single electrical fault in the encoder
b) a break of the encoder shaft (or loose encoder shaft coupling), or a loose
encoder housing will cause a static state of the encoder signals (that is, they no
longer follow a movement while still returning a correct level), and prevent fault
detection while the axis is in a stop state (e.g. in SBH). Generally, the axis is
held by the active closed--loop control. Especially for vertical (suspended) axes,
from a closed--loop control--related perspective, it is conceivable that such an
axis could move downwards without this being detected. The risk of an
electrical fault in the encoder as described under a) is only present for few
encoder types employing a specific principal of operation (for example,
encoders with microprocessor--controlled signal generation such as the
Heidenhain EC/EQI series, Hübner HEAG 159/160, AMO measuring systems
with sin/cos output).
All of the faults described above must be included in the risk analysis of the
machine manufacturer. This analysis will indicate that for hanging/vertical axes
or loads that drive the motor, additional protective measures are required, e.g.
to exclude the fault under a):
S Use of an encoder with analog signal generation
S Use a 2--encoder system
and to exclude the fault under b):
S Carry out an FMEA regarding encoder shaft breakage (or the encoder shaft
coupling slips) or if the encoder housing becomes loose and apply a fault
exclusion process according to e.g. EN 61800--5--2 or
S Use a 2--encoder system (in this case it is not permissible that the encoders
are mounted on same shaft).
A list of the Siemens encoders and motors permissible for Safety
Integrated functions can be obtained from your local SIEMENS contact
partner.

© Siemens AG 2015 All Rights Reserved

3-50 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Safety Functions integrated in the drive 4
Note
This Chapter describes the safety functions that are integrated in the drive -- ”Safe
Torque Off” (STO), ”Safe Brake Control” (SBC) and ”Safe Stop 1” (SS1), which are
controlled via the drive terminals. The safety functions SH and SBC from the
context of the safety--related motion monitoring functions are described in Chapter
6 ”System/drive--integrated safety functions”. The SS1 safety function essentially
corresponds there to STOP B. Control via terminals and from the motion
monitoring functions is in parallel and can be used independently of one another.

4.1 General information about SINAMICS Safety Integrated

4.1.1 Explanations and terminology

Note
The Control Unit is part of the NCU in general.

Two--channel monitoring structure

All the main hardware and software functions for Safety Integrated are implemen-
ted in two independent monitoring channels (e.g. shutdown signal paths, data
management, data comparison).
The two drive monitoring channels are implemented using the following
components:
S via the Control Unit
S via the Motor Module/Power Module belonging to a drive
The monitoring functions in each monitoring channel work on the principle that a
defined status must prevail before each action is carried out and a specific feed-
back signal provided after each action.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-51
Safety Functions integrated in the drive 10/15
4.1 General information about SINAMICS Safety Integrated

If this expected response in a monitoring channel is not fulfilled, the drive coasts to
a standstill (two channel) and an appropriate message is output.

Switch--off signal paths

Two independent switch--off signal paths are available. All switch--off signal paths
are low active. This ensures that the system is always switched to a safe status if a
component fails or in the event of cable breakage.
If a fault is discovered in the switch--off signal paths, the ”Safe Torque Off” function
is activated and a system restart inhibited.

Monitoring cycle
The safety--relevant drive functions are executed cyclically in the monitoring cycle.
The safety monitoring clock cycle is a minimum of 4 ms. Increasing the current
controller cycle (p0110[0]) also increases the safety monitoring clock cycle.

Crosswise data comparison

The safety--relevant data in the two monitoring channels are cyclically subject to a
crosswise comparison.
If any data is inconsistent, a stop response is triggered with any Safety function.

Overview of parameters (see SINAMICS S120/S150 List Manual)

S r9780 SI monitoring clock cycle (Control Unit)
S r9880 SI monitoring clock cycle (Motor Module)

Juxtaposition of function names

Table 4-1 Juxtaposition of safety function names, SINUMERIK <--> SINAMICS

SINUMERIK SINAMICS (acc. to EN 61800--5--2)

Abbreviation Name New abbreviation New name
SH Safe standstill STO Safe Torque Off
SGA Safety--related output F--DO Failsafe Digital Output
SGE Safety--related input F--DI Failsafe Digital Input

© Siemens AG 2015 All Rights Reserved

4-52 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.1 General information about SINAMICS Safety Integrated

4.1.2 Supported functions

The functions listed here are in conformance with the IEC 61508, SIL2 standard, in
the operating mode with a high demand, Category 3 and Performance Level d acc.
to ISO 13849--1 (2006) as well as IEC 61800--5--2.
The following Safety Integrated functions are available (SI functions):
S Safety Integrated Basic Functions
These functions are part of the standard scope of the drive and can be used
without any additional license:
-- Safe Torque Off (STO)
STO is a safety function that prevents the drive from restarting unexpec-
tedly, in accordance with EN 60204--1, Section 5.4.
-- Safe Stop 1 (SS1, time controlled)
The SS1 function is based on the ”Safe Torque Off” function. This means
that a Category 1 stop in accordance with EN 60204--1 can be implemented.
-- Safe Brake Control (SBC)
The SBC function permits the safe control of a holding brake.
SBC is only supported by Power/Motor Modules in the chassis format with
order number ...3 or higher. For this function, Power Modules in the block-
size format also require a Safe Brake Relay.

4.1.3 Supported functions: HLA module

SINAMICS HLA and Safety Integrated

SINAMICS HLA supports the following Safety Integrated functions of the
CU320--2:
S Basic Functions
These functions are part of the standard scope of the drive and can be used
without requiring an additional license. Are always available. These functions do
not require an encoder and/or do not place any special requirements on the en-
coder used.
-- Safe Torque Off (STO)
Safe Torque Off is a safety function in accordance with EN 60204--1 that
prevents the drive from restarting unexpectedly. STO prevents the supply of
power to the valve, which can produce a force. It is equivalent to stop
Category 0.
-- Safe Stop 1 (SS1, time controlled)
Safe Stop 1 is based on the ”Safe Torque Off” function. This means that a
Category 1 stop in accordance with EN 60204--1 can be implemented.
The Safety Integrated functions of SINAMICS HLA can be commissioned using the
expert list.
You can find a detailed description in
References: SINAMICS S120 Safety Integrated Function Manual (FSH)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-53
Safety Functions integrated in the drive 10/15
4.1 General information about SINAMICS Safety Integrated

4.1.4 Parameter, checksum, version, password

Properties of Safety Integrated parameters

The following applies to Safety Integrated parameters:
S They are kept separate for each monitoring channel.
S At power up, a checksum (Cyclic Redundancy Check, CRC) over the Safety
parameters is generated and checked. The display parameters are not
contained in the CRC.
S Data storage: The parameters are stored on the non--volatile CompactFlash
card.
S Factory settings for safety parameters
-- You can only reset the safety parameters to the factory setting on a drive--
specific basis using p0970 or p3900 when the safety functions are not ena-
bled (p9601 = p9801 = 0).
-- All the factory settings can be restored (p0976 = 1 and p0009 = 30 on
the Control Unit) even when the safety functions are enabled (p9601 =
p9801×≠ 0).
S They are password--protected against accidental or unauthorized changes.

Note
The following safety parameters are not protected by the safety password:
S p9370 SI Motion acceptance test mode (Motor Module)
S p9570 SI Motion acceptance test mode (Control Unit)

© Siemens AG 2015 All Rights Reserved

4-54 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.1 General information about SINAMICS Safety Integrated

Checking the checksum

For each monitoring channel, the safety parameters include one parameter for the
actual checksum for the safety parameters that have undergone a checksum
check.
During commissioning, the actual checksum must be transferred in the corres-
ponding parameters of the specified reference checksum. This can be done for all
checksums of a drive object at the same time with parameter p9701.
Basic Functions
S r9798 SI actual checksum SI parameters (Control Unit)
S p9799 SI reference checksum SI parameters (Control Unit)
S r9898 SI actual checksum SI parameters (Motor Module)
S p9899 SI reference checksum SI parameters (Motor Module)
Each time the system boots (powers up), the actual checksum is calculated using
the safety parameters and then compared with the reference checksum.
If the actual and specified reference checksums are different, fault F01650 or
F30650 is output and an acceptance test requested.

Safety Integrated versions

The safety software versions on the Control Units and on the Motor Modules have
their own version ID.
For the basic functions:
S r9770 SI Version safety functions integrated in the drive (Control Unit)
S r9870 SI version (Motor Module)

Password

Note
A password allocation is not relevant in the SINUMERIK environment. It is only
used in conjunction with Starter (commissioning tool used for SINAMICS).

The safety password protects the safety parameters against unauthorized write
access.
In the commissioning mode for Safety Integrated (p0010 = 95), you cannot change
safety parameters until you have entered the valid safety password in p9761 for
the drives.
S When Safety Integrated is commissioned for the first time, the following applies:
-- Safety password = 0
-- Default setting for p9761 = 0
This means:
The safety password does not need to be set during initial commissioning.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-55
Safety Functions integrated in the drive 10/15
4.1 General information about SINAMICS Safety Integrated

S In the case of a series commissioning of safety or when replacing a part, the

following applies:
-- The Safety password remains on the memory card
-- A Safety password is not required if a part is replaced
S Changing the password for the drives
-- p0010 = 95 commissioning mode (refer to Chapter 4.7 ”Commissioning the
functions STO, SBC and SS1”)
-- p9761 = Enter ”old safety password”
-- p9762 = Enter ”new password”
-- p9763 = Confirm ”new password”
-- The new and confirmed safety password is valid immediately.
If you need to change safety parameters but you do not know the safety password,
proceed as follows:
1. Restore the factory setting of the complete drive unit (Control Unit with all
connected drives/components).
2. Recommission the drive unit and drives
3. Recommission Safety Integrated
Or contact your regional Siemens office and ask for the password to be deleted
(complete drive project must be made available).

Parameter overview (see Chapter 8.2.2 ”Description of the parameters”)

S p9761 enter SI password
S p9762 new SI password
S p9763 confirm SI password

4.1.5 Forced checking procedure

Forced checking procedure and test of the shutdown paths

The forced checking procedure of the shutdown paths is used to detect software/
hardware faults at both monitoring channels in time and is automated by means of
activation/deactivation of the ”Safe Torque Off” function.
To fulfill the requirements of ISO 13849--1:2006 regarding timely error detection,
the two switch--off signal paths must be tested at least once within a defined time
to ensure that they are functioning properly. This must be realized using the ma-
nual or process--automated trigger of the forced checking procedure.

© Siemens AG 2015 All Rights Reserved

4-56 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.1 General information about SINAMICS Safety Integrated

A timer ensures that the forced checking procedure is carried out as quickly as
possible.
S p9659 SI timer for the forced checking procedure
The forced checking procedure of the shutdown paths must be carried out at least
once during the time set in this parameter.
Once this time has elapsed, an alarm is output and remains present until the for-
ced checking procedure is carried out.
The timer returns to the set value each time the STO function is deactivated.
When the appropriate safety devices are implemented (e.g. protective doors), it
can be assumed that running machinery will not pose any risk to personnel. As a
consequence, the user is only made aware of the forced checking procedure that
is required using an alarm, and is requested to perform the forced checking proce-
dure at the next possible opportunity. This alarm does not affect machine opera-
tion.
The user must set the time interval for carrying out the forced checking procedure
to between 0.00 and 9000.00 hours depending on the components used and the
application (factory setting: 8.00 hours).
The 9000 hours are only applicable for STO, SBC, SS1 functions that are integra-
ted in the drive and controlled via local terminals.
When using the safety--related motion monitoring functions according to Chapter 6,
the value should be set to 9000 hours so that the alarm to carry out the forced
checking procedure is no longer output. After carrying out the forced checking pro-
cedure from STO, the forced checking procedure timer is also re--started by the
motion monitoring functions.
Examples for performing the forced checking procedure:
S when the drives are at a standstill after the system has been switched on.
S When the protective door is opened.
S In defined cycles (e.g. every 8 hours).
S In the automatic mode, dependent on time or a specific event.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-57
Safety Functions integrated in the drive 10/15
4.2 Safety instructions

4.2 Safety instructions

Safety notices

Warning
! After hardware and/or software components have been modified or replaced, it is
only permissible for the system to run up and the drives to be activated with the
protective devices closed. Personnel shall not be present within the danger zone.
Depending on the change made or what has been replaced, it may be necessary
to carry--out a partial or complete acceptance test (see Chapter 4.8 ”Acceptance
test”).
Before personnel may re--enter the hazardous area, the drives should be tested to
ensure that they exhibit stable control behavior by briefly moving them in both the
plus and minus directions (+/–).
Please note the following when switching on:
The safety functions are only available and can only be activated after the system
has completely booted (powered--up).

Warning
! The Category 0 stop function according to EN 60204--1 (defined as STO in Safety
Integrated) means that the drives are not braked to zero speed, but coast to a stop
(this may take some time depending on the level of kinetic energy involved). This
must be included in the protective door locking mechanism logic, e.g. with the logic
operation n < nx.

Warning
! Safety Integrated is not capable of detecting parameterization errors made by the
machine manufacturer. The required level of safety can only be assured by
thorough and careful acceptance testing.

Warning
! The automatic firmware update via p7826 = 1 (upgrade and downgrade) must
never be deactivated under any circumstances when using Safety Integrated.

© Siemens AG 2015 All Rights Reserved

4-58 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.2 Safety instructions

Warning
! If two power transistors in the power unit fail at the same time (one in the upper
bridge and one in the lower bridge of the inverter), this can cause brief, limited
movement.
The maximum movement can be:
S Synchronous rotary motors: Maximum motion = 180° / pole pair number
S Synchronous linear motors: Max. movement = pole width

Caution
! The ”automatic restart” function may not be used together with the safety functions
STO/SBC and SS1. The reason for this is that EN 60204--1 Chapter 9.2.5.4.2
does not permit this (merely de--selecting a safety shutdown function must not
cause the machine to restart).

Note
The deactivation all components, e.g. using p0105, with activated Safety functions
is not permitted.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-59
Safety Functions integrated in the drive 10/15
4.3 Safe Torque Off (STO)

4.3 Safe Torque Off (STO)

In conjunction with a machine function or in the event of a fault, the ”Safe Torque
Off (STO)” function is used to safely disconnect the torque--generating power feed
to the motor.
After selecting the function, the drive device is in a ”Safe state”. The switching on
inhibited function prevents the drive unit from being restarted.
The two--channel pulse suppression function integrated in the Motor Modules /
Power Modules is the basis for this function.

Functional features of Safe Torque Off

S This function is integrated in the drive, i.e. a higher--level control is not required.
S The function is drive specific. This means that each drive has the function and it
must be individually commissioned.
S The function must be enabled using a parameter.
S When the Safe Torque Off function is selected, the following applies:
-- The motor cannot be started accidentally.
-- The safety--related pulse suppression safely disconnects the torque--genera-
ting energy supply to the motor.
-- the power unit and motor are not electrically isolated.
S The selection/deselection of the STO function also acknowledges the safety
faults when the Basic Functions are used. The standard acknowledgment me-
chanism must also be performed.
S The signals of the components connected at the terminals (e.g. pushbuttons,
switches, ...) can be debounced in order to prevent false tripping due to signal
disturbances. The filter times are set via parameters p9651 and p9851.

Warning
! Undesirable motor motion
Appropriate measures must be taken to ensure that the motor does not move
once the motor power supply has been disconnected (”coast down”) (e.g. enable
the ”Safe brake control” function for a vertical axis).

© Siemens AG 2015 All Rights Reserved

4-60 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.3 Safe Torque Off (STO)

Warning
! Danger as a result of brief, limited motion
If two power transistors in the Motor Module fail at the same time (one in the upper
and one in the lower bridge of the inverter), this can cause brief, limited
movement.
The maximum movement can be:
S Synchronous rotary motors: Maximum motion = 180° /pole pair number
S Synchronous linear motors: Max. movement = pole width

S The status of the Safe Torque Off function is displayed using parameters.

Enabling the Safe Torque Off function

The Safe Torque Off function is enabled via the following parameters:
S STO via terminals:
-- p9601.0 = 1, p9801.0 = 1

Selecting/deselecting Safe Torque Off

Safe Torque Off is selected as follows:
S Each monitoring channel triggers safe pulse suppression via its switch--off si-
gnal path.
S A motor holding brake is closed (if connected and configured).
Deselecting Safe Torque Off represents an internal safe acknowledgment. The fol-
lowing is executed if the cause of the fault has been removed:
S Each monitoring channel cancels safe pulse suppression via its switch--off si-
gnal path.
S The safety prompt ”Close motor holding brake” is canceled.
S Any active STOP F or STOP A commands are canceled (see r9772 / r9872).
S The messages in the fault memory must also be reset using the general ack-
nowledgment mechanism.

Note
If Safe Torque Off is deselected and selected again through one channel within the
time in p9650, the pulses are canceled but a signal is not output.
If you want a message to be displayed in this case, N01620 must be reconfigured
to be either an alarm or fault using p2118 and p2119.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-61
Safety Functions integrated in the drive 10/15
4.3 Safe Torque Off (STO)

Restart after the Safe Torque Off function has been selected
1. Deselect the function in each monitoring channel via the input terminals.
2. Issue drive enable signals.
3. Cancel the power--on inhibit and power--up again.
-- 1/0 edge at input signal ”ON/OFF1” (cancel ”switching on inhibited”)
-- 0/1 edge at input signal ”ON/OFF1” (power--up drive)

Status for Safe Torque Off

The status of the Safe Torque Off (STO) function is displayed using the parameters
r9772, r9872, r9773 and r9774:
As an alternative, the status of the function can be displayed using the configurable
message N01620 (configured using p2118 and p2119).

Response times for the Safe Torque Off function

The following values can be specified for the response times when the function is
selected/deselected via the input terminals:
S Typical response time
2 x safety monitoring clock cycle CU (r9780) + input/output time sampling time
(p0799)
S Maximum response time that can occur when a fault develops:
4 x safety monitoring clock cycle CU (r9780) + input/output time sampling time
(p0799)

Examples, booksize
Assumption
Safety monitoring clock cycle CU (r9780) = 4 ms and
Inputs/outputs sampling time (r0799) = 4 ms
tR_type = 2x r9780 (4 ms) + r0799 (4 ms) = 12 ms
tR_max = 4x r9780 (4 ms) + r0799 (4 ms) = 20 ms
Parameter overview (see Chapter 8.2.1 ”Overview of parameters”)
S p0799 ”CU inputs/outputs, sampling time”
S r9780 ”SI monitoring clock cycle (Control Unit)”
S r9880 ”SI monitoring clock cycle (Motor Module)”

Internal armature short--circuit with the Safe Torque Off function

The function ”internal armature short--circuit” can be configured together with the
”STO” function.
When simultaneously selected, the STO safety function has the priority. If the STO
function is initiated, then an activated internal armature short--circuit is disabled.

© Siemens AG 2015 All Rights Reserved

4-62 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.4 Safe Stop 1 (SS1, time controlled)

4.4 Safe Stop 1 (SS1, time controlled)

4.4.1 SS1 (time-- controlled) with OFF3

General description
The ”Safe Stop 1” (SS1) function allows the drive to be stopped according to
EN 60204--1, Stop Category 1. The drive decelerates with the OFF3 ramp (p1135)
once ”Safe Stop 1” is selected and switches to ”Safe Torque Off” (STO) once the
delay time set in p9652 has elapsed.

Note
Once the SS1 (time--controlled) function has been selected by parameterizing a
delay in p9652, STO can no longer be selected directly via the terminals.

Functional features of Safe Stop 1

SS1 is enabled when p9652 (delay time) are not equal to ”0”.
S The function can be selected only in conjunction with Safe Torque Off.
S When SS1 is selected, the drive is braked along the OFF3 ramp (p1135) and
STO/SBC are automatically initiated after the delay time (p9652) has expired.
After the function has been selected, the delay timer runs down -- even if the
function is deselected during this time. In this case, after the delay time has
expired, the STO/SBC function is selected and then again deselected immedia-
tely.

Note
So that the drive is able to travel down the OFF3 ramp completely and any motor
holding brake present can be applied before the pulse is switched off, the delay
time can be set as follows:
S Motor holding brake parameterized:
Delay time p9652 ² p1135 + p1228 + p1217
S Motor holding brake not parameterized:
Delay time p9652 ² p1135 + p1228

S The selection is realized through two channels -- however braking along the
OFF3 ramp, only through one channel.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-63
Safety Functions integrated in the drive 10/15
4.4 Safe Stop 1 (SS1, time controlled)

S The signals of the components connected at the terminals (e.g. pushbuttons,

switches, ...) can be debounced in order to prevent false tripping due to signal
disturbances. The filter times are set via parameters p9651 and p9851.

Enabling the SS1 function

The function is enabled using the following parameters:
S SS1 via terminals:
-- By entering the delay time in p9652 and p9852,

Precondition
The Safe Torque Off function must be enabled.
In order that the drive can brake down to a standstill even when selected through
one channel, the time in p9652 must be shorter than the sum of the parameters for
the crosswise data comparison (p9650 and p9658).
The time in p9652 must be dimensioned so that after selection, the drive brakes
down to a standstill.

Status for Safe Stop 1

The status of the Safe Stop 1 function is displayed using parameters r9772, r9872,
r9773 and r9774.
As an alternative, the status of the function can be displayed using the configurable
message N01621 (configured using p2118 and p2119).

Response time for the Safe Stop 1 function (SS1)

The following values can be specified for the selection (up until braking is initiated):
S Typical response time
2x safety monitoring clock cycle CU (r9780) + inputs/outputs, sampling time
(p0799) + 2 ms
S Maximum response time that can occur when a fault develops
4x safety monitoring clock cycle CU (r9780) + inputs/outputs, sampling time
(p0799) + 2 ms

© Siemens AG 2015 All Rights Reserved

4-64 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.4 Safe Stop 1 (SS1, time controlled)

4.4.2 SS1 (time--controlled) with external stop

Caution
! In order to achieve stop Category 1 according to EN 60204--1 using function ”SS1
(time controlled) with external stop (SS1E)”, the higher--level control must facilitate
a controlled shutdown at the same time.

Caution
! During the delay time (p9652), for ”SS1 (time--controlled) with external stop”,
arbitrary axis motion caused by the position controller is possible.

Differences between ”Safe Stop 1 with OFF3 and with external stop”
”SS1 with OFF3” and ”SS1 with external stop” have the following differences:
S In order to activate ”SS1 with external stop”, additionally parameter p9653 must
be set = 1.
S When SS1 is selected, the drive is not braked along the OFF3 ramp, but after
the delay time has expired (p9652), only STO/SBC is automatically initiated.

4.4.3 Overview of important parameters

(see Chapter 8.2.2 ”Description of parameters”)

S p1135[0...n] OFF3 ramp--down time

S p9652 SI Safe Stop 1 delay time (Control Unit)
S p9852 SI Safe Stop 1 delay time (Motor Module)
S r9772 SI status (Control Unit)
S r9773 SI status (Control Unit + Motor Module)
S r9774 SI status (group STO) / SI stat group STO
S r9872 SI status (Motor Module)
S p9653 SI Safe Stop 1 drive--based braking response (only for ”SS1
(time controlled) without OFF3”

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-65
Safety Functions integrated in the drive 10/15
4.5 Safe Brake Control (SBC)

4.5 Safe Brake Control (SBC)

Description
Safe Brake Control is used to control actuators that function according to the
closed--circuit principle (e.g. brake).
The command for releasing or applying the brake is transmitted to the Motor
Module/Power Module via DRIVE--CLiQ. The Motor Module then carries out the
action and activates the outputs for the brake.
Brake activation via the brake connection on the Motor Module is carried out using
a safe, two--channel method.

Note
This function is only supported by chassis components that can be identified by
the MLFB ending ...xxx3. A Safe Brake Adapter is needed in addition for this
design.
To ensure that this function can be used for Blocksize Power Modules, a Safe
Brake Relay must be used. When the Power Module is configured automatically,
the Safe Brake Relay is detected and the motor holding brake type is preassigned
(p1278 = 0).

Warning
! The Safe Brake Control function does not detect faults in the brake itself -- such as
e.g. brake winding short--circuit, worn brakes and similar.
If a cable breaks, this is only recognized by the Safe Brake Control function when
the status changes, i.e. when the brake is applied/released. This does not apply
when using an SBA.

Functional features of Safe Brake Control (SBC)

S When Safe Torque Off is selected or when safety monitoring functions respond,
SBC is performed with safe pulse cancelation.
S Unlike conventional brake control, SBC is executed via p1215 through two
channels.
S SBC is initiated independently of the brake control mode set in p1215. However,
SBC is not recommended for p1215 = 0 or 3.
S The function must be enabled via parameter.
S When the state changes, electrical faults, such as e.g. a short--circuit in the
brake winding or wire breakage can be detected.

© Siemens AG 2015 All Rights Reserved

4-66 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.5 Safe Brake Control (SBC)

Enabling the Safe Brake Control (SBC) function

The Safe Brake Control function is enabled via the following parameters:
S p9602 ”SI enable Safe Brake Control (Control Unit)”
S p9802 ”SI enable Safe Brake Control (Motor Module)”
The Safe Brake Control function is only selected if at least one safety monitoring
function is enabled (i.e. p9601 = p9801 ¸ 0).

Two--channel brake control

Note
Controlling the brake via a relay for ”Safe Brake Control”
If you use ”Safe Brake Control”, it is not permissible that you switch the brake via
a relay, as this could initiate brake control faults.

Note
The brake cannot be directly connected to the Motor Module in the chassis format.
The connection terminals are only designed for 24 V DC with 150 mA; the Safe
Brake Adapter is required for higher currents and voltages.

The brake is controlled from the Control Unit. Two signal paths are available for
applying the brake.

Control terminal 2
Control Unit/Motor
Module/ Safe brake Motor module
Relay
P24
TB+
Closed--circuit brake

BR+
Control BR1
terminal 1
Motor
Brake diagnostics

TB--
BR--

M M
BR2

Figure 4-1 Two--channel brake control, booksize (example)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-67
Safety Functions integrated in the drive 10/15
4.5 Safe Brake Control (SBC)

The Motor Module carries out a check to ensure that the Safe Brake Control func-
tion is working properly and ensures that, if the Control Unit fails or is faulty, the
brake current is interrupted and the brake applied.
The brake diagnosis can only reliably detect a malfunction in either of the switches
(TB+, TB--) when the status changes (when the brake is released or applied).
If the Motor Module or Control Unit detects a fault, the brake current is switched off
and the safe status is reached.

Safe Brake Control for Motor Modules in the chassis format

To be able to control the high rating brakes used with devices of this format, an
additional Safe Brake Adapter (SBA) module is needed. You can find more infor-
mation on the connection and wiring of the Safe Brake Adapter in the Equipment
Manual ”SINAMICS G130/G150/S120 Chassis/S120 Cabinet Modules/S150 Safety
Integrated”.
Parameters p9621 are used to define which digital input the Safe Brake Adapter’s
feedback (brake released or applied) is channeled to the Control Unit or the Motor
Module.
The additional functionality and the control of the brake, in other words, reaching a
safe state, are in this case essentially the same as the sequence for booksize
units.

Response time with the Safe Brake Control function

The following values can be specified for the response times when the function is
selected/deselected via input terminals:
S Typical response time
4x safety monitoring clock cycle CU (r9780) + inputs/outputs, sampling time
(p0799)
S Maximum response time that can occur when a fault develops
8x safety monitoring clock cycle CU (r9780) + inputs/outputs, sampling time
(p0799)
Example:
Assumption
Safety monitoring clock cycle CU (r9780) = 4 ms and
Inputs/outputs sampling time (r0799) = 4 ms
tR_type = 4x r9780 (4 ms) + r0799 (4 ms) = 20 ms
tR_max = 8x r9780 (4 ms) + r0799 (4 ms) = 36 ms
Parameter overview (see Chapter 8.2.1 ”Overview of parameters”)
S p0799 CU inputs/outputs sampling time
S p9621 BI: SI signal source for SBA (Control Unit)
S r9780 SI monitoring clock cycle (Control Unit)
S p9821 BI: SI signal source for SBA (Motor Module)
S r9880 SI monitoring clock cycle (Motor Module)

© Siemens AG 2015 All Rights Reserved

4-68 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.6 Control via terminals on the Control Unit and the power unit

4.6 Control via terminals on the Control Unit and the power
unit

Features
S Only for the STO, SS1 (time--controlled) and SBC functions
S Dual--channel structure via two digital inputs (Control Unit / power unit).
S The signals of the components connected at the terminals (pushbuttons,
switches, ...) can be debounced in order to prevent false tripping due to signal
disturbances or non--symmetrical test signals. The filter times are set via para-
meters p9651 and p9851.
S Different terminal strips depending on design
S Automatic ANDing of up to 8 digital inputs (p9620[0...]) on the Control Unit with
parallel configuration of power units in chassis format is not possible.

Terminals for STO, SS1 (time--controlled), SBC

The functions are separately selected/deselected for each drive using two termi-
nals.
S 1. Control Unit shutdown path
The required input terminal for Safe Torque Off (STO) is selected via the BICO
interconnection (BI: p9620[0]).
Digital input DI 0 ... DI 7 on the Control Unit can be used as a signal source
(NCU). NX modules have DI 0 to DI 3.
S 2. Motor Module shutdown path
The input terminal is the ”EP” (”Enable Pulses”) terminal.
The EP terminal is periodically interrogated with a sampling time, which is roun-
ded off to an integer multiple of the current controller cycle; however, it is a
minimum of 1 ms.
(Example: ti = 400 μs, tEP => 3x, ti = 1.2 ms)
Both terminals must be energized simultaneously within the discrepancy time
p9650/p9850, otherwise a fault will be issued.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-69
Safety Functions integrated in the drive 10/15
4.6 Control via terminals on the Control Unit and the power unit

NCU 7x0 Motor module

DRIVE--CLiQ DRIVE--CLiQ

NCU X122.4 BI:

DI x p9620
r0722.x

DRIVE--CLiQ G
Monitoring channel
Control Unit X21/X22 U2
1 V2 M
Temp +
W2 3~
Monitoring channel 2
Temp --
Motor module 3
EP +24 V BR+
4 BR--
EP M

Figure 4-2 Terminals for ”Safe Torque Off”: example for Motor Modules Booksize and NCU7x0

Grouping drives
To ensure that the function works for more than one drive at the same time, the
terminals for the corresponding drives must be grouped together as follows:
S 1. Control Unit shutdown path
By connecting the binector input to the joint input terminal on the drives in one
group.
S 2. Motor Module shutdown path
By appropriately connecting terminal ”EP” for the individual Motor Modules be-
longing to a group.

Note
The grouping must be identical in both monitoring channels.
If a fault in a drive results in a Safe Torque Off (STO), this does not automatically
mean that the other drives in the same group also switch to Safe Torque Off
(STO).

The assignment is checked during the test for the switch--off signal paths. The
operator selects Safe Torque Off for each group. The check is drive--specific.

© Siemens AG 2015 All Rights Reserved

4-70 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.6 Control via terminals on the Control Unit and the power unit

Example: Terminal groups

It must be possible to select/deselect the Safe Torque Off function separately for
group 1 (drive 1 and 2) and group 2 (drive 3 and 4).
For this purpose, the same grouping for Safe Torque Off must be performed on
both the Control Unit and the Motor Modules.

Selecting/deselecting Selecting/deselecting
Group 2 Group 1 NCU7x0 M M M M
EP EP EP EP
Drive 1
p9620

X132.3 DI6
r0722. Drive 2 Line Single Double Single
p9620
Module Motor Motor Motor
M Module Module Module
Drive 3
p9620

X132.4 DI7
r0722. Drive 4
p9620
M
Drive Drive Drive
1 2 3 4

Group 1 Group 2

Figure 4-3 Example: Grouping the terminals for Motor Modules, booksize format

4.6.1 Simultaneity and tolerance time of the two monitoring channels

The Safe Torque Off function must be selected and deselected simultaneously in
both monitoring channels using the input terminals and is only effective for the
associated drive.
1 signal: Deselecting the function
0 signal: Selecting the function

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-71
Safety Functions integrated in the drive 10/15
4.6 Control via terminals on the Control Unit and the power unit

”Simultaneously” means:
The changeover must be completed in both monitoring channels within the para-
meterized tolerance time.
S p9650 SI SGE changeover tolerance time (Control Unit)
S p9850 SI SGE changeover tolerance time (Motor Module)

Note
To avoid incorrect triggering of fault messages, at these outputs the tolerance time
must always be set smaller than the shortest time between two switching events
(ON/OFF, OFF/ON).

If the Safe Torque Off function is not selected/deselected within the tolerance time,
this is detected by the crosswise data comparison, and fault F01611 or F30611
(STOP F) is output. In this case, the pulses have already been canceled as a
result of the selection of Safe Torque Off in one channel.

4.6.2 Bit pattern test

Bit pattern test of fail--safe outputs

The converter normally responds immediately to signal changes in its fail--safe
inputs. This is not desirable in the following case: Several control modules test
their fail--safe outputs using bit pattern tests (on/off tests) to identify faults due to
either short or cross circuits. When you interconnect a fail--safe input of the conver-
ter with a fail--safe output of a control module, the converter responds to these test
signals.

© Siemens AG 2015 All Rights Reserved

4-72 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.6 Control via terminals on the Control Unit and the power unit

Input signals
F--DI Bit pattern test

t
Safety function

active

inactive
t

Fault F01611

Figure 4-4 Converter response to a bit pattern test

Note
If the test pulses lead to unintended triggering of the Safety Integrated functions,
a filtering (p9651/p9851 SI STO/SBC/SS1 debounce time) of the terminal inputs
must be parameterized.

Overview of important parameters (see SINAMICS S120/S150 List Manual)

S p9651 SI STO/SBC/SS1 debounce time (Control Unit)
S p9851 SI STO/SBC/SS1 debounce time (Motor Module)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-73
Safety Functions integrated in the drive 10/15
4.7 Commissioning the STO, SBC and SS1 functions

4.7 Commissioning the STO, SBC and SS1 functions

4.7.1 General information about commissioning safety functions

Note
S The ”STO”, ”SBC” and ”SS1” functions are drive specific, which means that the
functions must be commissioned individually for each drive.
S To support the ”STO” and ”SBC” functions, the following (minimum) safety
versions are required:
Control Unit: V02.01.01 (r9770[0...2])
Motor Module: V02.01.01 (r9870[0...2])
S To support the SS1 function, the following (minimum) safety version is required:
Control Unit: V02.04.01 (r9770[0...2])
Motor Module: V02.04.01 (r9870[0...2])
S If the version in the Motor Module is incompatible, the Control Unit responds as
follows during the switchover to safety commissioning mode (p0010 = 95):
-- Fault F01655 (SI CU: Align the monitoring functions) is output. The fault
initiates stop response OFF2.
The fault cannot be acknowledged until the safety commissioning mode
(p0010 ≠ 95) is exited.
-- The Control Unit triggers a safe pulse suppression via its own safety
switch--off signal path.
-- If parameterized (p1215), the brake is closed.
-- The safety functions cannot be enabled (p9601/p9801 and p9602/p9802).

Requirements for commissioning the safety functions

1. Commissioning of the drives must be completed.
2. The non safety--related pulse cancellation must be present, e.g. via
OFF1 = ”0” or OFF2 = ”0”
If a brake is connected and has been parameterized, then the brake is closed.
3. The terminals for ”Safe Torque Off” must be wired.
-- Control Unit: Digital input DI 0 ... DI 7 (NCU)
Digital input DI 0 ... DI 3 (NX)
-- Motor Module: Terminal ”EP”
4. For operation with SBC, the following applies:
A brake must be connected to the appropriate Motor Module connector.

© Siemens AG 2015 All Rights Reserved

4-74 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.7 Commissioning the STO, SBC and SS1 functions

Standard commissioning of the safety functions

1. A drive archive can be transferred to another drive unit, keeping the safety
parameterization.
2. If the source and target devices have different firmware versions, it may be
necessary to adapt the reference checksums (p9799, p9899). This is indicated
by the faults F01650 (fault value: 1000) and F30650 (fault value: 1000).
3. Once the project has been downloaded to the target device, an acceptance
must be carried out. This is indicated by fault F01650 (fault value: 2005).

Note
Once a project has been downloaded, it must be stored on the non--volatile
memory card (copy from RAM to ROM).

Replacement of Motor Modules with later firmware version

1. After a Motor Module fails, a more recent firmware version can be installed on
the new Motor Module.
2. If the old and new devices have different firmware versions, it may be neces-
sary to adjust the reference checksums (p9899) (see table 4-2). This is indica-
ted by fault F30650 (fault value: 1000).
For 840D sl, checksums can be confirmed at the HMI in the ”Commissioning”
operating area using the softkey ”Confirm SI data” followed by power on. The data
must be saved before power on.

Table 4-2 Adapting the reference checksum (p9899)

No. Parameter Description/comments

1 p0010 = 95 Sets the Safety Integrated commissioning mode
2 p9899 = ”r9898” Adapt the reference checksum on the Motor Module
3 p0010 = Value not Exit Safety Integrated commissioning mode
equal to 95
4 POWER ON Carry out a power on

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-75
Safety Functions integrated in the drive 10/15
4.7 Commissioning the STO, SBC and SS1 functions

4.7.2 Sequence when commissioning STO, SBC and SS1

In the SINUMERIK environment, commissioning can be simplified by using the

softkeys ”Activate drive commissioning” and ”Deactivate drive commissioning”.
With ”Activate drive commissioning”, p0010 is set to 95; the required functions can
then be enabled and the settings entered (also refer to Table 4-3 ”Commissioning
STO, SBC and SS1, Steps 3 to 9).
With ”Deactivate drive commissioning” the checksums (p9799 = r9798, p9899 =
r9898) are set to the same value and p0010 is set to 0.
To commission the STO, SBC and SS1 functions, carry out the following steps:

Table 4-3 Commissioning the ”STO”, ”SBC” and ”SS1” functions

No. Parameter Description/comments

1 p0010 = 95 Sets the Safety Integrated commissioning mode
S The following alarms and faults are output:
-- A01698 (SI CU: Commissioning mode active)
During first commissioning only:
-- F01650 (SI CU: Acceptance test required) with fault value = 130
(no safety parameters exist for the Motor Module).
-- F30650 (SI MM: Acceptance test required) with fault value = 130
(no safety parameters exist for the Motor Module).
For information on the acceptance test and certificate, see Step 15.
S The pulses are safely canceled and monitored by the Control Unit and
Motor Module.
S The safety sign of life is monitored by the Control Unit and Motor Module.
S The function for exchanging stop responses between the Control Unit and
Motor Module is active.
S An existing and parameterized brake has already been closed.
S In this mode, fault F01650 or F30650 with fault value = 2003 is output after
a Safety parameter is changed for the first time.
This behavior applies for the entire duration of safety commissioning, which
means that the STO function cannot be selected/deselected while safety
commissioning mode is active because this would constantly force safe pulse
cancellation.
2 p9761 = ”Value” Sets the safety password
When Safety Integrated is commissioned for the first time, the following applies:
S Safety password = 0
S Default setting for p9761 = 0
This means that the safety password does not need to be set during initial
commissioning.

© Siemens AG 2015 All Rights Reserved

4-76 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.7 Commissioning the STO, SBC and SS1 functions

Table 4-3 Commissioning the ”STO”, ”SBC” and ”SS1” functions, continued

No. Parameter Description/comments

3 Enable Safe Torque Off function
p9601.0 STO via Control Unit terminals
p9801.0 STO via Motor Module terminals
S The parameters are not changed until safety commissioning mode has
been exited (i.e. when p0010 ≠ 95 is set).
S Both parameters are included in the crosswise data comparison and must,
therefore, be identical.
4 Enables the safe brake control function
p9602 = 1 Enables SBC on the Control Unit
p9802 = 1 Enables SBC on the Motor Module
S The parameters are not changed until safety commissioning mode has
been exited (i.e. when p0010 ≠ 95 is set).
S Both parameters are included in the crosswise data comparison and must,
therefore, be identical.
S The safe brake control function only becomes active if at least one safety
monitoring function is enabled (i.e. p9601 = p9801 ≠ 0).
5 Enable Safe Stop 1 function
p9652 > 0 Enable SS1 on the Control Unit
p9852 > 0 Enable SS1 on the Motor Module
S The parameters are not changed until safety commissioning mode has
been exited (i.e. when p0010 ≠ 95 is set).
S Both parameters are included in the crosswise data comparison and must,
therefore, be identical.
S The Safe Stop 1 function only becomes active if at least one safety moni-
toring function is enabled (i.e. p9601 = p9801 ≠ 0).
6 Set terminals for Safe Torque Off (STO)
p9620 = ”Value” Set the signal source for STO on the Control Unit
Terminal ”EP” Wire terminal ”EP” (enable pulses) on the Motor Module.
S Control Unit monitoring channel:
By appropriately interconnecting BI: p9620 for the individual drives, the
following is possible:
-- Selecting/deselecting STO
-- Grouping the terminals for STO
Digital input DI 0 ... DI 7 on the Control Unit can be used as a signal source
(NCU). DI 0 ... DI 3 (NX).
S Motor Module monitoring channel:
By wiring the ”EP” terminal accordingly on the individual Motor Modules, the
following is possible:
-- Selecting/deselecting STO
-- Grouping the terminals for STO
Note:
The STO terminals must be grouped identically in both monitoring channels.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-77
Safety Functions integrated in the drive 10/15
4.7 Commissioning the STO, SBC and SS1 functions

Table 4-3 Commissioning the ”STO”, ”SBC” and ”SS1” functions, continued

No. Parameter Description/comments

7 Set F--DI changeover tolerance time
p9650 = ”Value” F--DI changeover tolerance time on Control Unit
p9850 = ”Value” F--DI changeover tolerance time on Motor Module
S The parameters are not changed until safety commissioning mode has
been exited (i.e. when p0010 ≠ 95 is set).
S Due to the different runtimes in the two monitoring channels, an F--DI chan-
geover (e.g. selection/deselection of STO) does not take place simulta-
neously. After an F--DI changeover, dynamic data is not subject to a cross-
wise data comparison during this tolerance time.
S Both parameters are included in the crosswise data comparison and must,
therefore, be identical. A difference of one safety monitoring clock cycle is
tolerated for the values.
8 Sets the transition time from STOP F to STOP A
p9658 = ”Value” Transition time from STOP F to STOP A on the Control Unit
p9858 = ”Value” Transition time from STOP F to STOP A on Motor Module
S The parameters are not changed until safety commissioning mode has
been exited (i.e. when p0010 ≠ 95 is set).
S STOP F is the stop response initiated by fault F01611 or F30611 (SI defect
in a monitoring channel) when the crosswise data comparison is violated.
STOP F normally initiates ”No stop response”.
S Once the parameterized time has elapsed, STOP A (immediate safety
pulse cancellation) is initiated by fault F01600 or F30600 (SI STOP A
initiated).
The default setting for p9658 and p9858 is 0, i.e. STOP F immediately
results in STOP A.
S Both parameters are included in the crosswise data comparison and must,
therefore, be identical. A difference of one safety monitoring clock cycle is
tolerated for the values.
9 p9659 = ”Value” Sets the time to carry out the forced checking procedure and testing the
safety shutdown paths
S After this time has expired, using alarm A01699 (SI CU: Shutdown paths
must be tested), the user is requested to test the shutdown paths
(i.e. select/deselect STO).
S The commissioning engineer can change the time required for carrying out
the forced checking procedure and testing the safety switch--off paths.
10 Adapt the specified reference checksums
p9799 = ”r9798” Specified checksum on the Control Unit
p9899 = ”r9898” Specified checksum on the Motor Module
The current checksums for the Safety parameters that have undergone a
checksum check are displayed as follows:
S Actual checksum on the Control Unit: r9798
S Actual checksum on the Motor Module: r9898
By setting the actual checksum in the parameter for the specified checksum,
the commissioning engineer confirms the Safety parameters in each monitoring
channel.

© Siemens AG 2015 All Rights Reserved

4-78 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.7 Commissioning the STO, SBC and SS1 functions

Table 4-3 Commissioning the ”STO”, ”SBC” and ”SS1” functions, continued

No. Parameter Description/comments

11 Sets a new safety password
p9762 = ”Value” Enter a new password
p9763 = ”Value” Confirm the new password
In the SINUMERIK environment we recommend that an axis--specific password
is not used. The commissioning area is sufficiently protected using the
password protection at the HMI and an axial password makes further
commissioning steps more difficult.
S The new password is not valid until it has been entered in p9762 and con-
firmed in p9763.
S From now on you must enter the new password in p9761 so that you can
change safety parameters.
S Changing the safety password does not mean that you have to change the
checksums in p9799 and p9899.
12 p0010 = Value Exit Safety Integrated commissioning mode
not equal to 95
S If at least one safety monitoring function is enabled (p9601 = p9801 ≠ 0),
the checksums are checked:
If the reference checksum on the Control Unit has not been correctly adap-
ted, then fault F01650 (SI CU: Acceptance test required) is output with fault
code 2000 and it is not possible to exit the safety commissioning mode.
If the reference checksum on the Motor Module has not been correctly
adapted, then fault F01650 (SI CU: Acceptance test required) is output with
fault code 2001 and it is not possible to exit the safety commissioning
mode.
S If a safety monitoring function has not been enabled (p9601 = p9801 = 0),
safety commissioning mode is exited without the checksums being
checked.
When safety commissioning mode is exited, the following is carried out:
S The new Safety parameters are active on the Control Unit and Motor
Module.
13 All drive parameters (entire drive group or only single axis) must be manually
saved from RAM to ROM. This data is not saved automatically!
14 -- Carry out a power on
After commissioning, a POWER ON reset must be carried out.
15 -- Carry out an acceptance test and prepare an acceptance report
Once safety commissioning has been completed, the commissioning engineer
must carry out an acceptance test for the enabled safety monitoring functions.
The results of the acceptance test must be documented in an acceptance
report (see Chapter 4.8 ”Acceptance test and acceptance report”).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-79
Safety Functions integrated in the drive 10/15
4.7 Commissioning the STO, SBC and SS1 functions

4.7.3 Safety faults

The fault messages of the Safety Basic Functions are saved in the standard
message buffer and can be read out from there.

Stop response
When faults associated with Safety Integrated Basic Functions occur, the following
stop responses can be initiated:

Table 4-4 Stop responses for Safety Integrated Basic Functions

Stop Action Effect Triggered ...

response
STOP A
cannot be For all non--acknowledgeable
Trigger safe pulse
acknowl- safety faults with pulse
suppression via the The motor
edged suppression.
switch--off signal path for coasts to a
the relevant monitoring standstill or is
channel. braked by the For all acknowledgeable safety
For operation with SBC: holding brake. faults with pulse disable.
STOP A The brake is closed. As a subsequent response to
STOP F.
STOP A corresponds to stop Category 0 to EN 60204--1.
With STOP A, the motor is switched directly to zero torque via the Safe
Torque Off (STO) function.
A motor at standstill cannot be started again accidentally.
A moving motor coasts to standstill. This can be prevented by using external
braking mechanisms, e.g. holding or operational brake.
When STOP A is present, Safe Torque Off (STO) is active.
STOP F Transition into STOP A Follow--up If a fault occurs in the
(after a delay time that can response crosswise data comparison.
be parameterized) STOP A with
adjustable
delay (default
setting with-
out delay) if
one of the
selected
Safety
functions is
selected
STOP F is permanently assigned to the crosswise data comparison (CDC). In
this way, errors are detected in the monitoring channels.
After STOP F, STOP A is initiated.
When STOP A is present, Safe Torque Off (STO) is active.

© Siemens AG 2015 All Rights Reserved

4-80 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.7 Commissioning the STO, SBC and SS1 functions

Warning
! With a vertical axis or pulling load, there is a risk of uncontrolled axis movements
when STOP A/F is initiated. This can be prevented by using safe brake control
(SBC) and a brake with sufficient holding force (not safety relevant).
For mechanically coupled axes, there is a risk of uncontrolled motion if a STOP
A/F is not initiated for all axes of the group.

Acknowledging the Safety faults

Faults associated with Safety Integrated Basic Functions must be acknowledged
as follows:
1. Remove the cause of the fault.
2. Select/deselect Safe Torque Off (STO).
3. Acknowledge fault.
If the safety commissioning mode is exited when the safety functions are swit-
ched off (p0010 = value not equal to 95 when p9601 = p9801 = 0), all the safety
faults can be acknowledged.
Once safety commissioning mode has been selected again (p0010 = 95), all the
faults that were previously present reappear.

Note
Safety faults can also be acknowledged (as with all other faults) by switching the
drive unit off and then on again (power on).
If the fault cause has still not been resolved, then the fault is immediately
displayed again after booting.

Description of faults and alarms

See also Chapter 10.3.

Note
The faults and alarms for SINAMICS Safety Integrated are described in the
following documentation:
Reference: /LH1/ SINAMICS S120/S150 List Manual

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-81
Safety Functions integrated in the drive 10/15
4.8 Acceptance test and acceptance report

4.8 Acceptance test and acceptance report

See Chapter 9.5 ”Acceptance test”

4.9 Overview of parameters and function diagrams

Parameter overview

Table 4-5 Safety Integrated parameters

No. No. Name Can be changed

Control Motor in
Unit module
(CU) (MM)
p9601 p9801 Enables safety--related functions
Safety Integrated
commissioning
p9602 p9802 Enables safe brake control (p0010 = 95)

p9620 -- Signal source for Safe Torque Off Safety Integrated

commissioning
(p0010 = 95)
p9621 p9821 Safe Brake Adapter signal source
p9622[0...1] p9822[0...1] SBA relay wait times
p9625 p9825 SI HLA shutoff valve wait time (CU)
p9626 p9826 SI HLA shutoff valve feedback contacts
configuration (CU)
p9650 p9850 Tolerance time SGE changeover Safety Integrated
commissioning
(p0010 = 95)
p9651 p9851 STO/SBC/SS1 debounce time
p9652 p9852 Safe Stop 1 delay time Safety Integrated
commissioning
(p0010 = 95)
p9653 -- SI Safe Stop 1 drive--based braking response
p9658 p9858 Transition time STOP F to STOP A
Safety Integrated
commissioning
p9659 -- Timer for forced checking procedure (p0010 = 95)

r9660 -- SI forced checking procedure remaining time

p9761 -- Enter password In every operating
mode

© Siemens AG 2015 All Rights Reserved

4-82 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety Functions integrated in the drive
4.9 Overview of parameters and function diagrams

Table 4-5 Safety Integrated parameters, continued

No. No. Name Can be changed

Control Motor in
Unit module
(CU) (MM)
p9762 -- New password Safety Integrated
commissioning
p9763 -- Password confirmation (p0010 = 95)
p9697 p9897 Pulse cancellation failsafe delay time
r9770[0...3] r9870[0...3] Version of the drive--integrated safety function --
r9771 r9871 Shared functions --
r9772 r9872 Status --
r9773 -- Status (Control Unit + Motor Module) --
r9774 -- Status (Safe Torque Off group) --
r9776 -- SI diagnostics
r9780 r9880 Monitoring cycle --
r9794 r9894 Cross comparison list --
r9795 r9895 Diagnostics for STOP F --
r9798 r9898 Actual checksum SI parameters --
p9799 p9899 Reference checksum SI parameters Safety Integrated
commissioning
(p0010 = 95)

Description of parameters

Note
The SINAMICS Safety Integrated parameters are described in the following
reference:
Reference: /LH1/ SINAMICS S List Manual

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 4-83
Safety Functions integrated in the drive 10/15
4.10 PLC drives

Function diagram overview

S 2800 Parameter manager
S 2802 Monitoring and faults/alarms
S 2804 Status words
S 2810 Safe Torque Off (STO)
S 2814 Safe brake control (SBC)
Also see Chapter 8.2.2 ”Description of parameters”.

4.10 PLC drives

SINUMERIK 840D sl allows both NC controlled as well as PLC controlled axes to
be operated. The PLC controlled axes are addressed exclusively via the PLC user
program.
For implementing the safety functions, for the PLC axes, the Safety Integrated
Basic and Extended Functions of the SINAMICS drive family are available.
For further information on PLC--controlled axes, refer to the Commissioning Guide
of SINUMERIK 840D sl. The Safety Integrated Basic and Extended Functions are
described in the Function Manual ”SINAMICS S120 Safety Integrated” or in the
respective function manuals.

© Siemens AG 2015 All Rights Reserved

4-84 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Basics on the safety functions integrated
in the system/drive 5
Motion monitoring functions with a higher--level control
The motion monitoring functions are carried out using a higher--level control. The
higher--level control and the drive are the two monitoring channels. Just like the
monitoring functions integrated in the drive, also here, each channel must be
assigned a shutdown path so that when a fault develops, the pulses can be
cancelled independently of the other channel.
S The shutdown path of the Control Unit is assigned to the drive monitoring
channel.
S The shutdown path of the Motor Module is assigned the control monitoring
channel.

5.1 Monitoring cycle

Setting the monitoring clock cycle time

The axis--specific safety--related functions are monitored cyclically in the moni-
toring clock cycle that can be set jointly for all axes/spindles using the following
machine data:
for 840D sl
MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
The specified clock cycle is checked and rounded--off to the next possible value
when the control boots and every time the machine data changes.
The resulting monitoring clock cycle is displayed using MD10091:
$MN_INFO_SAFETY_CYCLE_TIME
(refer to Chapter 8.1.2 ”Description of machine data”).
For SINAMICS S 120
p9500 SI Motion monitoring clock cycle (Control Unit)
(refer to Chapter 8.2.2, ”Description of parameters”)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-85
Basics on the safety functions integrated in the system/drive 10/15
5.1 Monitoring cycle

Warning
! The monitoring clock cycle determines the response time of the safety--related
functions. It must therefore be selected to be <= 25 ms. The higher the monitoring
cycle setting, the greater the amount by which the monitored limit value is violated
in the event of an error and the more that the drive(s) overshoots.

© Siemens AG 2015 All Rights Reserved

5-86 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.2 Crosswise data comparison (CDC)

5.2 Crosswise data comparison (CDC)

The continuous comparison of the safety--related data in the monitoring channels
carried out in the SI monitoring clock cycle is known as ”crosswise data compari-
son” (CDC).
The following apply for the axis--specific monitoring functions: In the case of ”non--
steady--state” data, tolerance values defined using machine data are used by
which amount the results of the two channels may deviate from one another
without initiating a response (e.g. tolerance for crosswise data comparison of
actual positions).
A distinction is made between:
S Drive CDC between the drive and Motor Module (refer to Chapter 4 ”Safety
functions integrated in the drive”).
S Axis CDC between the NCK and drive (refer to Chapter 6 ”Safety functions inte-
grated in the system/drive”).
S Communication CDC between the NCK and PLC (refer to Chapter 7.2, ”Con-
necting I/O via PROFIsafe” and Chapter 7.4 ”Safety--relevant CPU--CPU com-
munication (F_DP communication)”).
S SPL--CDC between the NCK and PLC (refer to Chapter 7.5, ”Safe program-
mable logic (SPL)”).
Error response
If the crosswise data comparison (CDC) identifies an error, then this results in a
stop response (refer to Chapter 6.3, ”Safe Stops A--F”).
In addition, safety alarms are output.

Note
If SGEs are quickly changed over several times this can initiate a STOP F.

Displays the crosswise data comparison clock cycle

To display the actual crosswise data comparison cycle time between the NCK and
drive, the axis--specific MD36992 $MA_SAFE_CROSSCHECK_CYCLE and gene-
ral MD10092 $MN_INFO_CROSSCHECK_CYCLE_TIME are used: If the monito-
ring clock cycle is modified, then the crosswise comparison clock cycle is also
changed.
The length of the crosswise comparison list depends on whether certain functions
have been enabled.
The CDC cycle active on an axis is displayed in the axis--specific MD36992
$MA_SAFE_CROSSCHECK_CYCLE.
The maximum CDC cycle time active on the axes is displayed in the NCK--specific
MD $MN_INFO_CROSSCHECK_CYCLE_TIME.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-87
Basics on the safety functions integrated in the system/drive 10/15
5.3 Forced checking procedure

5.3 Forced checking procedure

Forced checking procedure, general (extract from /6/)

”...A forced checking procedure must be carried out for all static (steady--state)
signals and data. Within the required time (8 h), the state must change from a logi-
cal 1 to a logical 0 -- or vice versa. If the state remains static in a fault situation,
then this is detected at the latest as a result of this forced checking procedure and
the subsequent comparison.
A forced checking procedure must be used, e.g. for components that are required
to stop a process (e.g. contactors and power semiconductors) -- the so--called
shutdown path and for the shutdown condition. Generally, it is not possible to test a
shutdown condition, e.g. violation of a limit value criterion, using other methods
such as e.g. crosswise data comparison, when the machine is in an acceptable
(good) condition. This also applies to errors along the entire shutdown path inclu-
ding associated hardware and software and circuit--breakers.
By integrating a test stop every eight hours with a comparison and expected
status, faults can also be detected when the machine is in an acceptable (good)
condition....”
Remark: Acceptable (good) condition means that there are no machine faults that
are apparent to the operator&
Remark: For Safety Integrated, a forced checking procedure interval of one year is
permissible

Forced checking procedure with Safety Integrated

The forced checking procedure is used to detect faults/errors in the software and
hardware of the two monitoring channels. In order to do this, the safety--related
parts in both channels must be processed at least once during a defined period in
all safety--related branches. Any faults/errors in the monitoring channel would
cause deviations and will be detected by the cross--wise data comparison.
For Safety Integrated, the forced checking procedure interval is max. 1 year. This
involves components from the SINUMERIK 840D sl / SINAMICS S120 system.
Possible requirements relating to shorter forced checking procedure intervals of
safety--related components (e.g. PROFIsafe I/O modules, sensors such as e.g.
emergency stop buttons, actuators such as e.g. brakes, etc.) are not influenced.

© Siemens AG 2015 All Rights Reserved

5-88 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.3 Forced checking procedure

The forced checking procedure must be initiated by the user or integrated in the
process as an automatic procedure, e.g.:
S When the axes are stationary after the system has been powered--up
S When the protective door is opened
S In defined cycles (e.g. every 8 hours. The maximum permissible is once per
year).
S In the automatic mode, dependent on the time and event
The forced checking procedure also includes testing the safety--related sensors
and actuators at the safety--related inputs/outputs. In this case, the entire circuit
including the Safe Programmable Logic (SPL) is tested to ensure that it is correctly
functioning (refer to Chapter 7.1.2, ”Forced checking procedure of SPL signals”).

Warning
! The test interval duration of max. 1 year may only be extended under the following
conditions:
S In the time after the test interval has expired, no hazards for personnel may be
allowed to occur -- they must be completely excluded (e.g. the protective door
is closed and is also interlocked)
S After the test interval has expired, before a possible hazard to personnel
(e.g. for a request to open a protective door), a test stop or a forced checking
procedure must be carried out to absolutely ensure the availability of the
shutdown paths and the safety--related inputs/outputs.
This means that for the duration of the automatic mode (with the protective door
closed and interlocked), a fixed cycle is not strictly specified. After expiry of the
time, the forced checking procedure can be carried out before the next opening of
the protective door.

Note
If the crosswise data comparison identifies an error, then this results in a stop
response (refer to Chapter 6.3, ”Safe Stops A--F”).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-89
Basics on the safety functions integrated in the system/drive 10/15
5.4 Actual value conditioning

5.4 Actual value conditioning

5.4.1 Encoder types

Basic types
The following basic encoder types can be used with a drive module to implement
safety--related operation:
1. Incremental encoder via a Sensor Module and DRIVE--CLiQ
with sinusoidal voltage signals A and B (signal A is shifted with respect to B
through 90°) and a reference signal R, e.g.: ERN 1387, LS 186, SIZAG2
2. Absolute encoder via Sensor Module and DRIVE--CLiQ
with an EnDat interface and incremental sinusoidal voltage signals A and B
(signal A is shifted with respect to B through 90°), e.g.: EQN 1325, LC 181
3. Motor encoder (IMS) with integrated DRIVE--CLiQ interface, with the properties
corresponding to 1st or 2nd
4. Direct encoder (DMS, e.g. linear scale) with integrated DRIVE--CLiQ interface,
with the properties corresponding to 1. or 2.

Combining encoder types

Various combinations can be derived from the basic types.

Table 5-1 Combining encoder types

Incremental encoder Absolute encoder

at the motor at the load at the motor at the load Remarks
x 1--encoder system*
x 1--encoder system*
x x 2--encoder system*
x x 2--encoder system*
x x 2--encoder system*
x x 2--encoder system*
Note: x --> encoder connection
*A list of the Siemens encoders and motors permissible for Safety Integrated functions can
be obtained from your local SIEMENS contact partner.

© Siemens AG 2015 All Rights Reserved

5-90 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.4 Actual value conditioning

1--encoder system
For a 1--encoder system, the motor encoder is used for the safety--related actual
values of the NC and drive.
If an encoder fault develops, and a safety--related function is active, then STOP B
and then STOP A is performed.
As a result of the encoder fault, and the fact that internally the speed is set to 0
(a valid actual value is no longer available), i.e. no SBR monitoring is possible
while STOP B is active.
The actual values are generated in a safety--related fashion either directly in the
encoder or in the Sensor Module and are provided -- with no--reaction -- to the NCK
and the drive using safety--related communications via DRIVE--CLiQ.
Special feature regarding linear motors:
For linear motors, the motor encoder (linear scale) is also the measuring system at
the load. IMS and DMS are one measuring system. The connection is made at the
IMS input of the Sensor Module or directly via DRIVE--CLiQ.
Significance of the coarse encoder position:
For a 1--encoder system, for all position monitoring functions, the accuracy of the
redundant actual value must be assumed to apply. This accuracy depends on the
encoder evaluation. For all encoder evaluation functions that can be used with
Safety Integrated (SMI, SME, SMC, motor/encoder with DRIVE--CLiQ), a redun-
dant position value is generated and the closed--loop control is made available.
The machine manufacturer must select the appropriate encoder with the necessary
encoder pulse number for his particular requirements. To do this, the encoder reso-
lution must be converted to the accuracy on the load side. This conversion is de-
pendent on the type of encoder mounting and the type of axis. Further, gearbox
factors, the spindle pitch for linear axes and the radius of the rotary table for rotary
axes must also be taken into account.

DRIVE--CLiQ

Encoder Gearbox Machine table

Motor Back--

Sensor Module cabinet mounted (not used (FD) lash

for encoders with DRIVE--CLiQ interface)

Figure 5-1 1--encoder system for a feed drive (FD)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-91
Basics on the safety functions integrated in the system/drive 10/15
5.4 Actual value conditioning

Warning
! The specific residual risks for 1--encoder systems (refer to Chapter 3.5 ”Safety
information & instructions and residual risks) must be carefully taken into
consideration.

2--encoder system
In this case, the safety--related actual values for an axis are supplied from 2 sepa-
rate encoders. In standard applications, the drive evaluates the motor encoder
(IMS) and the NC, the measuring system (DMS). The actual values are generated
in a safety--related fashion either directly in the encoder or in the Sensor Module
and are provided -- with no--reaction -- to the NCK and the drive using safety--rela-
ted communications via DRIVE--CLiQ. A separate connection or a separate Sensor
Module is required for every measuring system.
For a 2--encoder system, an encoder fault can result in a STOP F followed by
STOP B and STOP A -- as well as an immediate STOP A response.

DRIVE--
CLiQ

Machine table Linear scale

Encoder Gearbox
Back--
Motor (FD)
Sensor Module cabinet mounted lash

(not used for encoders with

DRIVE--CLiQ interface)

Figure 5-2 2--encoder system for a feed drive (FD), connected through 2 Sensor Modules

© Siemens AG 2015 All Rights Reserved

5-92 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.4 Actual value conditioning

DRIVE--CLiQ

Incremental
encoder
Motor
(MSD)
Selector
Sensor Module cabinet mounted (not used gearbox Spindle
for encoders with DRIVE--CLiQ interface)

Incremental encoder

Figure 5-3 2--encoder system for the main spindle, connected via 2 Sensor Modules

Note
For systems with slip, see Chapter 5.4.6 ”Actual value synchronization (slip for
2--encoder systems)”.

DRIVE--CLiQ encoder
If a DRIVE--CLiQ encoder is connected for the NCK monitoring channel (drive
parameter r9527 = 2 or 3), in addition to the parameter field r0979, additional drive
parameters that define the redundant coarse position value in more detail must be
read--out. When booting, these parameters are directly read--out of the encoder
and saved in the NCK machine data.
The additional parameters for DRIVE--CLiQ encoders are listed in the following
table:

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-93
Basics on the safety functions integrated in the system/drive 10/15
5.4 Actual value conditioning

Drive parameters Meaning NCK machine data

r0469 Resolution measurement steps for linear $MA_SAFE_ENC_MEAS_STEPS
absolute encoders (linear DRIVE--CLiQ _RESOL
encoders)
r0470 Valid bits for the redundant coarse position $MA_SAFE_ENC_NUM_BITS[0]
value (DRIVE--CLiQ encoder, binary)
r0471 Fine resolution of the redundant coarse po- $MA_SAFE_ENC_NUM_BITS[1]
sition value (DRIVE--CLiQ encoder, binary)
r0472 Relevant bits of the redundant coarse posi- $MA_SAFE_ENC_NUM_BITS[2]
tion value (DRIVE--CLiQ encoder, binary)
r0473 Non safety--related measurement steps $MA_SAFE_ENC_MEAS_STEPS
position value POS2 (DRIVE--CLiQ enco- _POS1
der, linear)
r0474 Configuration of the redundant coarse posi- $MA_SAFE_ENC_CONF
tion value
Bit 0: Count direction, up/down
Bit 1: CRC 16: LSB/MSB first
Bit 2: MSB/LSB -- justified
Bit 4: Binary comparison not possible
r0475 = Safety MSB of the redundant coarse posi- $MA_SAFE_ENC_NUM_BITS[3]
r0470 -- r0471 tion value (DRIVE--CLiQ encoder, binary)

The difference between DRIVE--CLiQ encoder, binary or linear, is derived from

drive parameter r0474, bit 4:
S r0474.4 = 0: DRIVE--CLiQ encoder, binary
S r0474.4 = 1: DRIVE--CLiQ encoder, linear or not binary
The relevant drive parameters are evaluated, depending on the DRIVE--CLiQ pro-
totype (binary or linear). Different algorithms are used to compare the redundant
coarse position value with the actual value. All of the NCK machine data listed in
the table above are incorporated in the checksum via the axis--specific NCK
machine data in order to identify any inadvertent changes.
Machine data
S $MA_SAFE_ENC_NUM_BITS[0,1]
S $MA_SAFE_ENC_CONF
are incorporated in the hardware--related checksum check
$MA_SAFE_ACT_CHECKSUM[1]. If one of these NCK machine data do not
match the associated drive parameter, then Alarm 27035 ”Axis %1 new HW com-
ponent, acknowledgment and function test required” is output.
The following machine data
S $MA_SAFE_ENC_NUM_BITS[2,3]
S $MA_SAFE_ENC_MEAS_STEPS_RESOL
S $MA_SAFE_ENC_MEAS_STEPS_POS1
have a direct impact on the accuracy of the safe position monitoring, and are
therefore factored into the functional checksum scope $MA_SAFE_ACT_CHECK-

© Siemens AG 2015 All Rights Reserved

5-94 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.4 Actual value conditioning

SUM[0]. Further, if they do not match the associated drive parameters, Alarm
27036 ”Axis %1 encoder parameterization MD %2[%3] was adapted” is output.
Just the same as for all encoder data, the NCK machine data for the DRIVE--CLiQ
encoder are not incorporated directly in the crosswise data comparison with the
drive, as in these components, a corresponding equivalent does not always exist.
However, they are indirectly secured through the crosswise actual value compari-
son.

EnDat 2.2 converter

When using the EnDat 2.2 protocol, a delay is incurred when providing the actual
value information as a result of its serial data transfer.
If an EnDat 2.2 converter is used in a 2--encoder system, then as a consequence,
a velocity--dependent position difference is obtained. This must be taken into consi-
deration in the parameterization. In the SI service screen, using entry ”Maximum
position tolerance NCK/drive” users can determine the position differences that
occur, and make the appropriate position tolerance setting in
$MA_SAFE_POS_TOL.
This value includes the deviation as a result of the mechanical system, as well as
also the maximum difference resulting from the EnDat 2.2 delay.

5.4.2 Encoder adjustment, calibrating the axes

Adjusting the motor encoder

Generally, for 1--encoder systems, the integrated encoder is an integral component
of the motor (the encoder is adjusted to match the motor). Data relating to
distance, speed and rotor position (for synchronous drives) is obtained from one
encoder. It is no longer possible to adjust the encoders in motor measuring
systems in the conventional sense.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-95
Basics on the safety functions integrated in the system/drive 10/15
5.4 Actual value conditioning

Machine measurement
The machine zero and encoder zero are calibrated purely on the basis of the offset
value (the machine must be calibrated). This procedure must be carried out for
both absolute and incremental encoders.

Absolute encoder actual value

Offset value Actual position value

Encoder Machine Switch--on position/

zero zero stop position

Figure 5-4 Positions and actual values

When calibrating the machine, a known or measured position is approached using

a dial gauge, fixed stop, etc. and the offset determined. This offset is then entered
into the appropriate machine data. Calibration must always be carried out for posi-
tion--controlled (closed--loop) axes/spindles.
Reference: SINUMERIK 840D sl Commissioning Manual
CNC commissioning: NC, PLC, drive SINUMERIK 840D sl,
”Axis referencing”

5.4.3 Axis states

”Axis not referenced” state

The axis state ”axis not referenced” is reached after the power supply has been
powered--up and the drive and control system have completely booted. This state
is indicated using the axis--specific interface signal ”reference point reached” as
follows:
Interface signal
”Reference point reached” = ”1” Axis state ”Axis referenced”
”Reference point reached” = ”0” Axis state ”Axis not referenced”
for 840D sl DB31--61, DBX60.4 / DBX60.5
(refer to Fig. 5-5 ”Axis states when referencing”)

© Siemens AG 2015 All Rights Reserved

5-96 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.4 Actual value conditioning

”Axis referenced” state

For incremental encoders the position actual value is lost when the NC is powe-
red--down. When the NC is powered--up, a reference point approach must be car-
ried out. If the reference point approach is correctly executed, then the axis is refe-
renced and goes into the ”axis referenced” state (refer to Fig. 5-5 ”Axis states
when referencing”).
Contrary to incremental encoders, absolute encoders do not require a reference
point approach after the NC has been powered--up. These encoders track the ab-
solute position, e.g. using a mechanical gear, both when powered--up and powe-
red--down. The absolute position is transferred implicitly via a serial interface when
the NC is powered--up. After the position data has been transferred and the offset
value has been taken into account, the axis also goes in the axis state ”axis refe-
renced” (refer to Fig. 5-5 ”Axis states when referencing”).
This axis state ”axis referenced” is indicated using the axis--specific interface signal
”reference point reached” as follows:
Interface signal
”Reference point reached” = ”1” Axis state ”Axis referenced”
”Reference point reached” = ”0” Axis state ”Axis not referenced”
for 840D sl DB31--61, DBX60.4 / DBX60.5
Reference: SINUMERIK 840D sl Commissioning Manual

”Axis safely referenced” state

In order to reach the axis state ”axis safely referenced”, the axis state ”axis
referenced” must have been reached, and either
S the user confirms the current position using the user agreement (refer to
Chapter 5.4.4 ”User agreement”
or
S a saved and set user agreement and saved stop position when the system was
powered--down must exist. The position associated with the saved data must
match the current position within a tolerance window. This is checked both in
the drive and in the NC.
(refer to Fig. 5-5 ”Axis states when referencing”).
The axis state ”axis safely referenced” is displayed using the SGA ”axis safely
referenced”. A safety--related position evaluation can only be carried out for the SE
and SN functions after this state has been reached.

Saved user agreement

The state of the user agreement function is saved in non--volatile memories. This
saved user agreement forms, together with the stop position, also saved in a non--
volatile fashion the prerequisite for the axis state ”axis safely referenced”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-97
Basics on the safety functions integrated in the system/drive 10/15
5.4 Actual value conditioning

Saved stop position

The saved stop position data is combined with the permanently saved user agree-
ment to form the previous history.
The following must be noted when the stop position is saved:
The following applies when SE/SN is active:
S The stop position is cyclically saved.
S If the axis is moved with the system powered--down, then the saved stop posi-
tion no longer matches the current position.
As described under ”axis safely referenced” the ”axis safely referenced” state can
also be achieved using a saved and set user agreement and a saved stop position.
The following conditions must be fulfilled:
S The saved user agreement must be available.
S The difference between the ”reference position” (power--on position with abso-
lute measuring systems or reference position for incremental measuring
systems) and the saved stop position (including the traversing distance to the
reference point with ERN) must be within a tolerance window specified using
the appropriate machine data.

© Siemens AG 2015 All Rights Reserved

5-98 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.4 Actual value conditioning

SBH/SG is safe
Axis status is displayed using:
from this axis
Axis not Interface signal
status onwards Axis status
referenced ”Reference point reached” = ”0”

EQN: Read the absolute value from the encoder

ERN: Reference point approach

Axis status Axis referenced Interface signal

”reference point reached” = ”1”

User No
agreement

Yes
User checks the position
Check not
Check, actual OK
position/saved stop User agreement (softkey)
position

Check OK
SE/SN is safe
from this axis
Axis status Axis safely
status onwards
referenced SGA
”Axis safely referenced” = ”1”

Figure 5-5 Axis states when referencing

5.4.4 User agreement

Description
With a user agreement, an appropriately authorized person confirms that the
currently displayed SI actual position of an axis corresponds to the actual position
at the machine.
This can be checked by traversing the axis to a known position (e.g. a visual mark)
or the axis is adjusted/calibrated and the SI actual position is therefore compared
in the ”user agreement” screen.
An axis/spindle with integrated safety functions can have the following status:
User agreement = yes, or
User agreement = no

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-99
Basics on the safety functions integrated in the system/drive 10/15
5.4 Actual value conditioning

All safety axes are listed in the HMI display ”user agreement” for which safety end
stops and/or safety cams have been activated. The following data are displayed:
S Machine--axis name
S SI position
S User agreement

When does a user agreement have to be given?

A user agreement is always required if an axis/spindle is to be monitored for SE,
SN.
A user agreement is only required:
-- when the axis/spindle is commissioned for the first time.
-- when the user intends or needs to again manually and safely reference the
axis/spindle.
-- if, after POWER ON, the standstill position did not correspond with the
actual position and the control cancelled the user agreement.
-- after parking an axis/spindle
(only if the change in position is greater than that defined using MD36944
$MA_SAFE_REFP_POS_TOL tolerance actual value comparison
(referencing)).

Note
An axis/spindle must have the status User agreement = yes before the SN and SE
functions can be used.
For axes/spindles without the safety ”SE” and ”SN” functions, the saved stop
position position is not evaluated.

Warning
! If the drive has not been safely referenced and a user agreement has not been
given, then the following applies:
-- the ”Safe software cams” and/or ”Safe cam track” are active, but are not
safety--relevant.
-- The ”Safe software limit switches” are not active

The user agreement can only be set by an authorized user.

The user agreement can be cancelled by the user or as a result of a function being
selected (e.g. new gear stage) or also an incorrect state (e.g. inconsistency in the
user agreement between the NC and drive). When the user agreement is can-
celled, the axis state ”axis safely referenced” is always reset
(refer to Fig. 5-5 ”Axis states when referencing”).

© Siemens AG 2015 All Rights Reserved

5-100 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.4 Actual value conditioning

Interlocking the user agreement

Before a user agreement can be issued, the interlock must be cancelled:
S Keyswitch
in setting 3 --> the user agreement can be issued
After the user agreement has been issued, the interlocking must be again set
(e.g. key switch position 3 must be left and the key withdrawn).

5.4.5 Taking into account selector gearboxes

The possible gearbox ratios must be known in order that the NC and drive can
evaluate the position actual values referred to the load.
For this purposes, various gearbox ratios can be selected on an axis--for--axis
basis in the machine data and selected using the ”Safety--related inputs/outputs”
(SGEs/SGAs).
The following points must be carefully observed for drives with control gears
(these are generally used with spindles).
S If the drive is operated with an (indirect) encoder (motor measuring system),
i.e. the safety--related actual value for the NCK and drive are derived from the
same measuring system, then the gearbox ratios (gearbox stage selection for
Safety Integrated) must also be selected for both monitoring channels. The
state of the SGE signal ratio selection (bits 0..2) is not subject to a crosswise
data comparison; however, the safety--related actual values from the NCK and
drive are compared to evaluate if there is any deviation (< 36942
$MA_SAFE_POS_TOL or parameter p9542 SI Motion, actual value comparison
tolerance (crosswise) (Control Unit)).
S If the drive is operated with an (indirect) motor encoder and a (direct) spindle
encoder, the safety--related actual values are derived from the direct encoder
and those of the drive from the indirect encoder. For the direct encoder, the ge-
arbox changeover is not relevant and the gearbox stage changeover only has to
be configured/engineered for the drive.
S Using the two machine data fields
36921[0..7] $MA_SAFE_ENC_GEAR_DENOM[n] denominator, gearbox enco-
der/load and
MD36922[0..7] $MA_SAFE_ENC_GEAR_NUMERA[n] numerator gearbox ratio
encoder/load
or
p9521[0..7] SI Motion gearbox encoder/load denominator (Control Unit) and
p9522[0..7] SI Motion gearbox encoder/load numerator (Control Unit)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-101
Basics on the safety functions integrated in the system/drive 10/15
5.4 Actual value conditioning

8 different gearbox stage pairs for NCK/drive can be defined. For this definition,
there is no special function for an index value -- e.g. interdependency on the
operating mode of the spindle. These 8 pairs must be parameterized and selec-
ted depending on the encoder configuration.
S As a result of the gearbox stage changeover, the encoder evaluation for the
safety--related actual values change. Ideally, the gearbox stage for Safety Inte-
grated is changed--over at standstill. However, this is generally not in--line with
what is required in practice. This means that the actual value offset when
changing--over the gearbox stage (e.g. using oscillation) may not be greater
than the already mentioned actual value tolerance window (MD36942 / p9542).
S If, for the axis with control gear, position--dependent monitoring functions are
activated -- such as SE or SN -- the user agreement (assuming that it was pre-
viously set) is withdrawn when changing--over the gearbox ratio and the SGA
”axis safely referenced” is set to 0. When the gearbox stage is changed from
the PLC and/or by selecting a new ratio, a new gearbox ratio is detected using
the appropriate SGEs.
S After the gearbox stage has been selected, the spindle must be re--synchroni-
zed. When resynchronizing the spindle, the two safety--related actual values
(NCK and drive) are re--initialized with the newly synchronized actual value.
A possible difference that was previously present between the two safety--rela-
ted actual values is therefore corrected.
S In order to be able to re--use the SN or SE function after the gearbox ratio has
been selected (changed), the user must bring the spindle into the state ”axis
safely referenced” -- the user agreement must be re--issued.
S For 2--encoder systems, the gearbox ratio does not have to be selected in a
safety--related fashion and can be implemented through one channel. On the
other hand, for a 1--encoder system, the ratio selection must implemented using
safety--related technology -- i.e. using two channels.

Warning
! When a new stage is selected for a control gear (the ratio changed), an axis is
parked or the mounting situation is modified (encoder and motor replaced), this
means that the load and encoder have been decoupled. The NC and drive cannot
detect this. The state ”axis safety referenced” is no longer applicable.
The user is responsible in bringing the axis back into the ”axis safely referenced”
state if the functions ”safe software limit switch” or ”safe cams” are used.

© Siemens AG 2015 All Rights Reserved

5-102 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.4 Actual value conditioning

5.4.6 Actual value synchronization (slip for 2-- encoder systems)

Description of function
When a 2--encoder system is used, SI actual values from the NC and the drive drift
apart for systems that have inherent slip. The reason for this is that the drive eva-
luates the motor measuring system and the NC evaluates the direct measuring
system after the gearbox.
There are the following two alternatives in order to avoid this:
S 1--encoder system without actual value synchronization
S 2--encoder system with actual value synchronization and therefore additional
monitoring of the load side

Slip tolerance
The actual value is synchronized through two channels. In both channels, machine
data 36949 $MA_SAFE_SLIP_VELO_TOL / parameter p9549 ”SI Motion slip velo-
city tolerance” is used in which the maximum offset between the NCK and drive
actual value is entered as velocity. The tolerance value entered in MD36942
$MA_SAFE_POS_TOL is not relevant.
For the actual value synchronization, both channels correct their SI actual position
to half the determined actual value difference. Please note that the two SI actual
positions no longer display the correct absolute position. The NC actual position
and the two SI actual positions are different.
The actual values are synchronized in the crosswise data comparison clock cycle.
Actual value synchronization is also performed when a crosswise data comparison
of the SI actual position outputs an error.
Actual values are also synchronized after ”referencing” and for ”parking axis”.
The currently determined and the maximum SI speed difference since the last
reset are displayed in the axis--specific service screen for diagnostic purposes.
To define the slip tolerance, the maximum differential speed is set in MD36949
$MA_SAFE_SLIP_VELO_TOL. As a result of an action, such as e.g. maximum
acceleration when starting, gearbox stage changes with oscillation, a situation is
created where the actual values drift apart. This value can be taken as nominal
value from the diagnostics screen ”Maximum velocity difference”, multiplied by a
factor of 1.5 and then entered into MD36949.

Note
Actual values are only synchronized when there is an actual value difference
between the two channels of 2 μm or 2 m degrees in each SI monitoring clock
cycle.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-103
Basics on the safety functions integrated in the system/drive 10/15
5.4 Actual value conditioning

Boundary conditions
The two SI actual positions no longer display the correct absolute machine posi-
tion. The correct position can now only be read out via the NC actual position.
The safety monitoring functions SG, SBH, SBR and ”n<nx” still only respond to
actual value changes from the particular actual value acquisition channel -- not to
changes in the actual value resulting from the actual value synchronization. A
single--channel SG violation only initiates an alarm in the channel in which this
speed violation was detected. The associated stop response is therefore still initia-
ted through two channels.
SGA ”n<nx” can also assume different static states in the two monitoring channels.

Note
It is not possible to activate the safe SE and SN functions for an axis/spindle
where slip can occur between the motor and the load.

Activation
The actual value synchronization is selected by setting bit 3 in machine data 36901
$MA_SAFE_FUNCTION_ENABLE or parameter p9501:” SI Motion, enable safety--
related functions”. In addition, SI function ”SBH/SG monitoring” must also be ena-
bled.
Actual value synchronization is only permissible if a monitoring function with abso-
lute reference has not been simultaneously enabled. If SE and/or SN are also se-
lected, power on Alarms 27033 and F01688 are also output when booting.
The actual value synchronization is only permissible for 2--encoder systems. If this
function is enabled for a single--encoder system, Alarm 27033/F01688 is output.

5.4.7 Encoder limit frequency

The encoder limit frequency is fixed at 500 kHz. This value is secured through the
crosswise data comparison between the NCK and drive.
Monitoring the speed to ensure that it does not exceed the encoder limit frequency
is carried out using the SMI, SMC and SME Sensor Modules (see Chapter 6.5
”Safely reduced speed”).
Encoders with DRIVE--CLiQ interface are not monitored with respect to an encoder
limit frequency.

© Siemens AG 2015 All Rights Reserved

5-104 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.5 Enabling the safety--related functions

5.5 Enabling the safety--related functions

Global enable
SINUMERIK Safety Integrated (SI) with the safety--related functions is enabled
using options.
The enable signal determines the number of axes/spindles for which SI can be
activated. Using an additional options, in addition, the number of possible SPL--
SGEs/SGAs is defined.
The SH/SBC/SS1 function is completely implemented in SINAMICS S120 and is,
as a function integrated in the drive, included in the basic drive scope.

Enabling safety--related functions

Which safety functions are to be effective can be individually selected for each axis
using the following machine data:
for 840D sl
MD36901 $MA_SAFE_FUNCTION_ENABLE
(see Chapter 8.1, ”Machine data for SINUMERIK 840D sl”)
For S120
p9501 SI Motion enable safety functions (Control Unit)
(see Chapter 8.2, ”Parameters for SINAMICS S120”)
Among others, the following functions can be individually enabled:
S SBH/SG
S SE
S SN
S SG override
S Actual value synchronization
S External STOPs
S Cam synchronization
S STOP E
S Extension n<nx

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-105
Basics on the safety functions integrated in the system/drive 10/15
5.5 Enabling the safety--related functions

Note
S To ensure that SBH can always be selected in the event of an error, the
function SBH/SG must be activated and appropriately parameterized when the
function SE and/or SN are(is) enabled.
S The axis--specific enable data in the NCK must match those in the drive,
otherwise, the crosswise data comparison signals an error.
S An SI axis is treated as an axis in terms of the global option if at least one
safety--related function is activated via the axis--specific enable data.
S The maximum number of axes that may operate with SI and SPL SGE/SGAs is
the number that was enabled using the options.

© Siemens AG 2015 All Rights Reserved

5-106 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Basics on the safety functions integrated in the system/drive
5.6 Switching the system on/off

5.6 Switching the system on/off

Warning
! In a system configuration, the firmware versions of the DRIVE--CLiQ components
can only differ from the versions on the CF card, if either
a) the automatic upgrade/downgrade (parameter p7826) is deactivated, or
b) components with a new firmware version can no longer be downgraded to the
status of the version available on the CF card.
Case a) is not permitted when Safety Integrated is used. The automatic
upgrade/downgrade must never be disabled when Safety Integrated is used.
(automatic firmware update (p7826) must be equal to 1)
Case b) is only permissible if this combination has been explicitly approved by the
manufacturer.
http://support.automation.siemens.com/WW/view/de/28554461

Warning
! After hardware and/or software components have been changed or replaced, it is
only permissible to boot the system and activate the drives when the protective
devices are closed. Personnel shall not be present within the danger zone.
Depending on the change made or what has been replaced, it may be necessary
to carry--out a partial or complete acceptance test (see Chapter 9.5 ”Acceptance
test”).
Before personnel may re--enter the hazardous area, the drives should be tested to
ensure that they exhibit stable control behavior by briefly moving them in both the
plus and minus directions (+/–).
This is especially important specifically for high--speed linear or torque motors.

What has to be observed when switching on?

The safety--related functions are only available and can only be activated after the
system has completely booted.
We recommend that the safe operating stop (SBH) function is selected.
For axes with SE/SN, the stop position is used to internally check the position
when powering--up.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 5-107
Basics on the safety functions integrated in the system/drive 10/15
5.6 Switching the system on/off

Warning
! System startup is a critical operating state with increased risk. In this phase,
especially when activating drives, it is not permissible that personnel are close to
the hazardous area.
Further, for vertical axes, it is very important to ensure that the drives are in a
state with the pulses cancelled.

A complete forced checking procedure is necessary after powering--up (refer to

Chapter 5.3, ”Forced checking procedure”).

What has to be observed when switching off?

-- When SE/SN is activated, the following applies:
The stop position is cyclically saved.
For this reason, the user should only switch--off the control when the axes/
spindles with safety functions have stopped moving.

Note
If the axis is moved with the system switched--off, then the saved stop position
no longer matches the current position. For axes with safety--related functions SE
and SN, when switching--on, a user agreement is again required after the position
has been checked.

© Siemens AG 2015 All Rights Reserved

5-108 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Safety functions integrated in the system/
drive 6
6.1 Safe standstill (SH)

Note
This Chapter describes the safety function safe standstill (SH), controlled from the
safety--related motion monitoring functions. The function is based on the safety
functions STO/SBC of the drive (see Chapter 4). Fig. 6-1 shows the
interrelationships.
The safety functions STO, SBC and SS1, integrated in the drive, controlled via the
drive terminals, are described in Chapter 4. Control via terminals and from the
motion monitoring functions is in parallel and can be used independently of one
another.
A Stop A/STO initiated in the drive (i.e. a system error in the drive or
STO/SBC/SS1 selection via terminal) is however not available as two--channel
SGA ”STOP A/B active” for the safety--related motion monitoring functions. There
is only a single--channel signal ”pulses cancelled” present.

Description
The safe standstill function is based on the pulse cancellation function integrated in
the Motor Modules of the SINAMICS S120 (start inhibit) (see Chapter 4.3 ”Safe
Torque Off (STO)”.
There are two shutdown paths that are independent of one another that ensure
that when a component fails, the drive is always brought into a safe condition.
The safe standstill function safely disconnects the energy feed to the motor in the
event of a fault or in conjunction with a machine function.
The following must be carefully observed when controlling/energizing SH from the
motion monitoring functions.
-- The safety functions STO/SBC/SS1 integrated in the drive are, correspon-
ding to the description in Chapter 4 ”Safety Functions Integrated in the
Drive” fully effective (parameters, alarms etc.). The standard pre--assign-
ment (default setting) of the associated parameters is generally sufficient in
the context of the motion monitoring functions.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-109
Safety functions integrated in the system/drive 10/15
6.1 Safe standstill (SH)

-- The safety function STO integrated in the drive does not have to be explicitly
enabled; this is implicitly enabled by enabling the motion monitoring func-
tions (p9501 < > 0). If the safety function SBC integrated in the drive is to be
additionally activated when selecting STO, then this however must be expli-
citly enabled.
-- The PROFIsafe drive address must be set.

Warning
! If the safe standstill function or ”STOP A” is activated, the motor can no longer
generate any torque. This is the reason that potentially hazardous motion can
occur, e.g. for the following:
S When an external force acts on the drive axes
S Vertical and inclined axes without weight equalization
S Axes that are moving (coasting down)
S Direct drives with low friction and low self--locking
S Notching torques (depending on the motor type, bearing design and friction
characteristics, up to half a pole pitch in a direction that cannot be predicted).
Possible hazards must be clearly identified using a risk analysis that must be
carried out by the manufacturer. With an assessment, based on this risk analysis,
it should be defined as to which additional measures are required, e.g. external
brakes.

Features
The main features of the safe standstill function are as follows:
S The motor cannot be started unintentionally or accidentally
S The energy feed to the motor is safely disconnected
S The Motor Module and motor are not electrically isolated from one another

Selecting/deselecting SH
The safe standstill function corresponds to an external STOP A. This makes it pos-
sible to explicitly select SH, not only using internal events (STOP A when a limit
value is violated), but also via SGE.
S Safe standstill is activated after a STOP A.
S Safe standstill is automatically activated from every monitoring channel when
testing the shutdown paths.

© Siemens AG 2015 All Rights Reserved

6-110 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.1 Safe standstill (SH)

Note
When selecting/deselecting SH, motion monitoring functions such as SBH, SG,
n<nx, SE, SN are not influenced. For instance, when manually turning a spindle in
the SH state, with SBH simultaneously selected, then this results in Alarm 27010.
When required, users must take this into account in the safe programmable logic
(SPL).

Warning
! After the machine has been powered--up, the safe standstill function must always
be tested for all of the axes/spindles by testing the shutdown path using Safety
Integrated.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-111
Safety functions integrated in the system/drive 10/15
6.1 Safe standstill (SH)

6.1.1 Switch--off signal paths

The interaction of the safety functions integrated in the drive and the motion moni-
toring functions (Motion Monitor) are shown in Fig. 6-1.

ext. SGE ext. SGA

NCU
Safe
programmable
logic (SPL)

SGE/SGA
SGE/SGA
cycl. SI data
(including SGE/
NCK SGA, CDC data) Drive
Motion Monitor Motion Monitor

Pulse optional:
suppression STO/SBC/SS1 selection
via terminal
²1

Switch--off
signal path Drive (CU)
SI, integrated
NCK in the drive

cycl. Data for SI,

integrated in the
drive (CDC, ...)

MM Shutdown path CU
(Motor Module) Pulse suppression
Pulse suppression
Drive (MM)
SI, integrated Shutdown path MM
²1
in the drive Pulse suppression

optional: STO/
SBC/SS1 selection
via terminal

Figure 6-1 Overview of the shutdown paths

Shutdown path of the monitoring channel, drive

The motion monitoring function in the CU signals the monitoring function integrated
in the drive in the CU that the pulses must be cancelled in the SI monitoring chan-
nel integrated in the drive.

© Siemens AG 2015 All Rights Reserved

6-112 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.1 Safe standstill (SH)

S Drive (CU) SI, integrated in the drive

-- The requirement to cancel the pulses is detected. Mechanisms then start
that are also executed when STO is selected for the safety functions integra-
ted in the drive:
-- Initiating the pulse cancellation
-- The timer routine is started to check the feedback. After the timer has
expired (in the next monitoring clock cycle integrated in the drive), using
the feedback signal, it is checked as to whether the pulses have been
cancelled via this shutdown path.
-- If p9602=1, then safe brake control is executed.

Shutdown path of the monitoring channel, control

If the higher--level control with its motion monitoring identifies that it is necessary to
cancel the pulses, then the following sequence applies:
S NCK Motion Monitor
-- The control communicates to the Motor Modules the requirements to cancel
the pulses.
S Drive (MM) SI, integrated in the drive
-- If the drive--integrated monitoring function in the Motor Module identifies the
requirement to cancel the pulses, then the same mechanisms are started
that are carried out for an STO selection of the safety functions integrated in
the drive and an STO is initiated:
-- Initiating the pulse cancellation
-- The timer routine is started to check the feedback. After the timer has
expired (in the next monitoring clock cycle integrated in the drive), using
the feedback signal, it is checked as to whether the pulses have been
cancelled via this shutdown path.
-- If p9802=1, then safe brake control is executed.
-- If the Motor Module detects that communications to the NCK have failed,
then this is identified by the safety functions integrated in the drive and an
STO is initiated.

6.1.2 Testing the switch--off signal paths

Description
The test stop is used to check the shutdown paths of both monitoring channels.
There is a test stop input (drive SGE). The acknowledgment is realized via the
drive SGA ”status pulses cancelled”. The pulse cancellation must be simulta-
neously initiated through both shutdown paths due to the fact that the Motor
Modules and drive closed--loop control are cross--checked.
The user (machine manufacturer) must configure the execution of the test stop
phase.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-113
Safety functions integrated in the system/drive 10/15
6.1 Safe standstill (SH)

Note
A test stop can be simultaneously made for all axes of a drive unit.

Instant in time of the test stop

The shutdown paths must be tested (forced checking procedure) at a suitable in-
stant in time, refer to Chapter 5.3 ”Forced checking procedure”.

Note
The machine manufacturer should define the ”test shutdown paths” time in an
appropriate ”test block”.

Note
If the brake control is enabled, then when the test stop is initiated, the brake is
also controlled.

Prerequisites for the test stop

S At the start, the pulses must still be enabled; further, it is not permissible that
SH is selected at the start.
S For vertical (suspended) axes, the manufacturer must ensure that these are
locked (to stop them falling).

Note
The test stop can be carried out independently of the status of the standard pulse
cancellation.

Message
The ”test stop running” message is displayed during the ”test stop”.

© Siemens AG 2015 All Rights Reserved

6-114 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.2 Safe operating stop (SBH)

6.2 Safe operating stop (SBH)

Description
The function safely monitors the stop position (zero speed) of an axis/spindle in
closed--loop position or speed control.
When SBH is active (SGA ”SBH active” = 1), operating personnel can, for
example, enter protected machine areas in the setting--up mode without first
having to power--down the machine.
An incremental encoder is sufficient to implement this function. The actual position
value is monitored for a change.
In this case, the encoder coarse position must be taken into account for a 1--enco-
der system (see Chapter 5.4 ”Actual value conditioning”).

Features
The features of the SBH function are as follows:
S The axis remains in closed--loop control
S Parameterizable SBH tolerance window
S STOP B is the stop response after SBH has responded

Standstill tolerance
The standstill of the axis/spindle is monitored using an SBH tolerance window that
is parameterized using the following machine data:
for 840D sl:
MD36930 $MA_SAFE_STANDSTILL_TOL
for SINAMICS S120:
p9530 SI Motion standstill tolerance (Control Unit)

Note
The width of the SBH tolerance window should be based on the standstill (zero
speed) monitoring limit and should lie slightly above it. Otherwise, the standard
monitoring functions of the control could be ineffective. In this case, the encoder
coarse position must be taken into account for a 1--encoder system.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-115
Safety functions integrated in the system/drive 10/15
6.2 Safe operating stop (SBH)

Standstill tolerance = = s
(actual value)

Figure 6-2 Standstill tolerance

Preconditions
The following conditions must be fulfilled:
S The option and functions must be enabled in the axis--specific machine data
S SGEs ”SBH/SG deselection” and ”SBH deselection” must be supplied in the
NCK and drive monitoring channel

6.2.1 Selecting/deselecting the safe operating stop

Selecting SBH
The safe operating stop function is selected using the following SGEs:

Table 6-1 Selecting/deselecting SBH

SGE SGA
SBH/SG SBH SBH Meaning
deselection deselection active
=1 x 0 SBH and SG are deselected
=0 =0 1 SBH is selected
=0 =1 0 SG is selected (see Chapter 6.5, ”Safely redu-
ced speed (SG)”), 1)
Note:
x --> Any signal state
1) The active SG stage is displayed using SGA ”SGA active bit 0” and ”SG active bit 1”.

© Siemens AG 2015 All Rights Reserved

6-116 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.2 Safe operating stop (SBH)

Note
If safely reduced speed was not active prior to the selection of SBH, any moving
axis/spindle is stopped with STOP B/A.
The actual status of the function is displayed using the SGA ”SBH active”.
The SGEs and SGAs are described in Chapter 7.1 ”Safety--related input/output
signals (SGE/SGA)”.

Internal control request for SBH

When the SG or SE responds (STOP C, D, E) the drive is internally switched to
the safe operating stop state in the control. In such cases, the external circuit of
the SGEs (SBH/SG deselection and SBH deselection) is ignored and both are in-
ternally set to ”0”.

Selecting SBH from SG

The changeover from safely reduced speed to safe operating stop is initiated using
the SGE ”SBH deselection”. A delay time that is parameterized in the following
machine data is simultaneously started with the changeover to SBH (signal ”SBH
deselection”=0):
for 840D sl
MD36951 $MA_SAFE_VELO_SWITCH_DELAY
for SINAMICS S120
p9551 SI Motion SLS(SG) changeover delay time (Control Unit)
SBH is activated as soon as the delay time expires.

Note
If the SBH function is selected while an axis/spindle is moving, the machine
manufacturer must initiate the braking process such that the axis/spindle is in
position -- i.e. stationary -- after the delay time has expired. This can be performed
automatically using the ”setpoint speed limiting” function. If the axis moves out of
the standstill tolerance window after the delay has expired, an alarm is generated
(for 840D sl: 27010, for SINAMICS S120: F01707) and STOP B/A initiated!

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-117
Safety functions integrated in the system/drive 10/15
6.2 Safe operating stop (SBH)

v
SGn a)
vact a) Braking is initiated

t
SGE ”SBH deselection”

SGn is active

Delay time, speed changeover

SBH is active

Braking time

Timer is active

Figure 6-3 Timing when SBH is selected from SG

Deselecting SBH
Safe operating stop can be deselected using SGE ”SBH/SG deselection” (= ”1”
signal); this results in a general deactivation of SBH and SG. The SBH function is
also deselected when the SG function is selected using the SGE ”SBH deselec-
tion”.

Note
The delay time must be selected as a function of the distance to the hazardous
location. The speeds to be taken into account in this respect are stipulated in
Standard DIN EN ISO 13855.

Configuring NCK--SGAs
The NCK--SGA ”SBH active” is configured using the following machine data:
for 840D sl
MD36981 $MA_SAFE_SS_STATUS_OUTPUT

Configuring NCK--SGEs
for 840D sl
MD36971 $MA_SAFE_SS_DISABLE_INPUT

© Siemens AG 2015 All Rights Reserved

6-118 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.2 Safe operating stop (SBH)

SGA ”SBH active”

If this SGA is set, then safe operating stop (SBH) is active. This means that the
axis is safely monitored for zero speed. This SGA can be used, for example, to
implement protective door interlocking functions.

6.2.2 Effects when the limit is exceeded for SBH

Warning
! If the safe operating stop function is activated, when a fault situation occurs, the
axis mechanical system can exhibit jerky, uneven motion. The magnitude of this
movement depends on the following parameters:
S Design of the mechanical system and gear ratio between the motor and
mechanical system
S Speed and acceleration capability of the motor
S Magnitude of the selected monitoring clock cycle
S Magnitude of the selected SBH tolerance window

If the axis/spindle is being monitored (SGA ”SBH active”=1) and leaves, for
example, the standstill tolerance window as the result of an external influence or
an undefined setpoint input, the effects are as follows:

Effects
S The axis switches to STOP A/B configured using the following MD:
for 840D sl:
36956 $MA_SAFE_PULSE_DISABLE_DELAY
For S120:
p9556 SI Motion pulse cancelation delay time (Control Unit)
and
for 840D sl:
36960 $MA_SAFE_STANDSTILL_VELO_TOL
For S120:
p9560 SI Motion pulse cancelation shutdown speed (Control Unit)
S An alarm is generated (for 840D sl: 27010, for S120: F01707)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-119
Safety functions integrated in the system/drive 10/15
6.2 Safe operating stop (SBH)

Timing when the limit value is exceeded

If the safe operating stop function is active, the timing response when the limit va-
lue is exceeded is as follows:

d) Transition from STOP B to c) Start of the stop response

n STOP A (pulse cancellation)
STOP A
Tolerance STOP B
Shutdown exceeded b) d)
speed Fault a)
s
= = Standstill
tolerance
not to scale
t1

t
t2
t3

t4 t6

t5
t7

t8

t9

Figure 6-4 Timing response when the limit value is exceeded for SBH

Table 6-2 Explanation of the figure

Time Explanation
t1 The position control clock cycle, defined by the following MDs:
for 840D sl:
MD10050 $MN_SYSCLOCK_CYCLE_TIME
MD10060 $MN_POSCTRL_SYSCLOCK_TIME_RATIO
t2 Monitoring clock cycle, defined by the following MDs:
for 840D sl:
MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
for SINAMICS S120:
r9500 SI Motion monitoring clock cycle (Control Unit)
t3 Time until the standstill tolerance value is exceeded
t4 Time until it has been detected that the standstill tolerance value has been exceeded
(typical 0.5 monitoring clock cycles, maximum 1 monitoring clock cycle + 1 position controller
clock cycle)
t5 Response time required to initiate the configured stop response
(typical 1.5 monitoring clock cycles, maximum 2 monitoring clock cycles + 1 position controller
clock cycle)
t6 Time until the stop response that was initiated starts
(typical 2 position controller clock cycles, maximum 2 position controller clock cycles)
t7 Time required to reach the shutdown speed for STOP B.
t8 Time required to stop the axis for a STOP B.

© Siemens AG 2015 All Rights Reserved

6-120 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.2 Safe operating stop (SBH)

Table 6-2 Explanation of the figure, continued

Time Explanation
t9 Time required to stop the axis for a STOP A.
Note:
Each axis must be measured during commissioning (start--up) to determine the distance that it travels
between the limit switch being violated and it coming to a standstill.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-121
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

6.3 Safe Stops A--F

6.3.1 General information

Safe Stops are used to stop drive motion and bring it to a standstill. A distinction is
made between internal and external Stops. The internal Stop responses, initiated
by safety--related functions when limit values are violated, initiate an alarm. The
external stop responses selected by SGEs do not issue an alarm and are acknowl-
edged when the SGEs are deselected.

Stop responses SBH and SH

Fig. 6-5 shows the relationship between the stop responses and the safe operating
stop (SBH) or the safe standstill (SH).

Stop - Category acc. to EN60204 Part 1

0 1 2
Only for active axis-- specific safety function

Stop Stop Stop Stop Stop Stop

A B C D E F

Path-- -- Retraction --
Setpoint -- Setpoint -- related cond-- --
target ”0” target ”0” in a group itions

SBH
(standstill in closed--loop control)

Only under fault conditions

SH
(pulse cancellation)

Figure 6-5 Stop responses, safe operating stop (SBH), safe standstill (SH)

A high degree of security against faults/errors is afforded by the two--channel

system structure with its permanent, crosswise data comparison. Alarms and stop
responses are initiated when differences are detected between the two channels.
The purpose of the stop responses is to safely stop the drives in a controlled
fashion according to the actual machine requirements. A differentiation is made
between the stop responses STOP A, B, C, D, E, F and the test stop. The type of
stop response that occurs in the event of a fault/error can either be pre--deter-
mined by the system or configured by the machine manufacturer.

© Siemens AG 2015 All Rights Reserved

6-122 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

Stops A, C, D and E can also be externally selected as a function of an event via

safety--related inputs (SGE).

Warning
! Protection of personnel must be given top priority when stop responses are
configured. The objective is to stop the drives in a way that best suits the situation.
The time stages of the stops must be configured with the smallest possible value
corresponding to the application.

Table 6-3 Stop response overview

STOP Action Effect Initiated in Chan- Acknowl-

response to ges to edgment
A Pulses are immediately Drive coasts down SBR/SG SH POWER ON
cancelled exceeded
B 0 speed setpoint is Drive is braked at the SBR/SG SH POWER ON
immediately entered + current limit/along the exceeded
timer tB started OFF3 ramp
tB =0 or nact < n shutdown: Transition to STOP A
STOP A
C 0 speed setpoint is Drive is braked at the SG/SE SBH RESET
immediately entered + current limit/along the exceeded
timer tC is started OFF3 ramp
tC =0: SBH is activated
D Brake at the accelera- Drive is braked as part SG/SE SBH RESET
tion limit + timer tD is of a group along the exceeded
started path
tD =0: SBH is activated
E Results in stopping and Drive is braked along SG/SE SBH RESET
retraction + timer tE is the programmed retrac- exceeded
started tion and stopping motion
tE =0: SBH is activated (ESR).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-123
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

Table 6-3 Stop response overview, continued

STOP Action Effect Initiated in Chan- Acknowl-

response to ges to edgment
F Depending on the parti-
cular situation
a) Safety function inac- a) NC start and tra- a) ---- a) RESET
tive (no SBH, SG, SE versing interlock
and SN active):
Saved (latched) mes-
sage to the operator
b) Safety function active b) Transition to STOP Crosswise data b) SH b) POWER
(SBH, SG, SE or SN B/A comparison ON
active)
STOP B/A is initiated
(can be configured)
c) Safety function active c) NC start and tra- c) ---- c) RESET
and STOP C, D or E versing interlock
initiated:
Saved (latched) mes-
sage to the operator
Note:
The timers can be set using the appropriate machine data.

Configurable stop responses

The stop responses that occur when limit values defined using machine data are
violated can be selected by the machine manufacturer using the appropriate
machine data as follows:

Table 6-4 Configurable stop responses

Safety-- Configurable stop responses

related function
SBH STOP B* (cannot be configured)
SG STOP A, B*, C, D, E
SE STOP C, D, E
SN No internal stop response
When required, the user can configure the appropriate safe
stop responses using the SGAs SN1, SN2, ... .
SBR STOP A (cannot be configured)
CDC: STOP F cannot be configured
Note:
* There is an immediate transition from STOP B to A if tB = 0 or the parameterized speed
threshold is exceeded.

© Siemens AG 2015 All Rights Reserved

6-124 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

Assignment table for stop responses

Table 6-5 Stop responses for SI acc. to EN 60204--1

Stop response for Stop function acc. to EN 60204--1

SINUMERIK Safety Integrated
STOP A Category 0
STOP B, STOP F 1) Category 1
STOP C, STOP D, STOP E Category 2
Note:
1) STOP F initiates STOP B if at least one safety--related function is active (SBH, SG, SE,
SN and ”Synchronization, hysteresis, filtering n<nx”).

Priority of the stop responses

Table 6-6 Priority of the stop responses

Priority level Stop response

Highest priority STOP A
........ STOP B
....... SGE test stop selection
..... STOP C
... STOP D
. STOP E
Lowest priority STOP F

Note
A stop response listed in Table 6-6 ”Priorities for stop responses” can only be
initiated if at least one safety--related function is active (except for STOP F).
Once a stop response has occurred, the sequence of operations it involves will be
completed even if the cause of the stop no longer exists.
It is possible to advance to stop responses that have a higher priority. It is not
possible to advance to stop responses that have a lower priority.
When the external stops are selected, there is still the exception that the actual
low--priority STOP F can be initiated in spite of this.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-125
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

Stop response sequence

If a stop response is initiated in the drive, a signal is sent to the NC that responds
by initiating the same stop response (two--channel safety). Likewise, if a stop
response is initiated in the NC, the drive is automatically signaled and responds by
requesting the same stop response.
This mechanism ensures that stop responses are managed with a high degree of
safety.

External stops
Using this function, the user can stop the drive using SGEs.
The drives can be brought to a standstill in the following ways:
S By canceling the drive pulses SGE ”deselect ext. STOP A”
S Braking with nset = 0 / OFF3 ramp SGE ”deselect ext. STOP C”
S Braking along a path SGE ”deselect ext. STOP D”
S Braking with ESR motion SGE ”deselect ext. STOP E”

Enabling and activating the function

The function ”external STOPs” is enabled and activated using the following
machine data:
S Enabling the function
MD36901 / parameter p9501 $MA_SAFE_FUNCTION_ENABLE /
”SI Motion, enable safety functions”
Bit 0: Enable SBH/SG (see note)
Bit 6: Enable external STOPs
Bit 4: Enable external STOP E

Note
S In addition to enabling the function ”external STOPs”, function SBH/SG must
also be enabled as a minimum requirement.
S The external STOP E must be enabled with bit 4 = 1 in addition to bit 6 ”enable
external STOPs”.

Configuring NCK--SGE
for 840D sl:
MD36977 $MA_SAFE_EXT_STOP_INPUT[n]:
(input assignment, external stop request) with n = 0, 1, 2, 3.

© Siemens AG 2015 All Rights Reserved

6-126 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

Note
S For stopping types that are not used, the assignment must be inverted by
appropriately parameterizing MD36977[n]. This means that they are set to a ”1”
signal and are permanently ”inactive”.
Exception:
S STOP E is interlocked by its own enable signal.

An external Stop E can also be initiated as an error response to a crosswise data

comparison of NCK and PLC--SPL or for PROFIsafe errors, instead of a STOP D.
On the NCK side, parameterization is realized using MD10097
$MN_SAFE_SPL_STOP_MODE = 4 -- and on the PLC side, using
DB18.DBX36.1=1.
This parameterization is checked in the crosswise data comparison between PLC--
SPL and NCK--SPL (see Chapter 7.5 ”Safe programmable logic”).
If the value 4 is parameterized in MD10097, without enabling the external STOP E
in all axes with SI function enable, then Alarm 27033 is output for all of these axes.

SGE to stop the drive

The following SGE are available to stop the drive:

Table 6-7 SGE to stop the drive

SGE Stopping type Priority

Deselect ext STOP A (= Pulse suppression High
SH deselection)
Deselect ext. STOP C Braking with nset = 0 / OFF3 ...
ramp
Deselect ext. STOP D Braking along a path ...
Deselect ext. STOP E ESR is initiated Low
Notes:
SGE ” ... ” = 1 Stopping is not initiated (it is deselected)
SGE ” ... ” = 0 Stopping is initiated (it is selected)
If a stop request is selected simultaneously using several SGEs, then that with the highest
priority is executed.
If one of these SGEs changes, the ”tolerance time for SGE changeover” is activated
(36950/p9550).
Feedback signals:
for SGE ”deselect ext. STOP A”: via SGA ”status pulses cancelled” and SGA ”STOP A/B
active”
for SGE ”deselect ext. STOP C”: via SGA ”STOP C active”
for SGE ”deselect ext. STOP D”: via SGA ”STOP D active”
for SGE ”deselect ext. STOP E”: via SGA ”STOP E active”

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-127
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

Note
S For external STOPs, alarms are not displayed. This means that the user
himself must configure the required message/signal.

Combinations for external STOPs

The following input bit combinations are obtained for the SGEs ”deselect ext.
STOP A”, ”deselect ext. STOP C”, ”deselect ext. STOP D” and ”deselect ext.
STOP E”:

Table 6-8 Input bit combinations

SGE
Deselect Deselect Deselect Deselect Description
external external external external
STOP E STOP D STOP C STOP A
x x x 0 ”Pulse cancellation” is initiated
x x 0 1 ”Braking is initiated with nset=0”
x 0 1 1 ”Braking along a path” is initiated
0 1 1 1 ”ESR” is initiated
1 1 1 1 External STOPs are not selected

Acknowledging a stop request

After requesting a specific stop type via SGE, this sequence can be cancelled by
one of the following events:
S Deselecting the stop request
S Selecting a stop request using an SGE with a higher priority
S A higher stop request (STOP A; B; C or D) with a higher priority is received
from an internal monitoring function

Effects of the stop responses on other axes/spindles

If a stop response is initiated, then this has the following effects on all of the other
axes in the same channel:
STOP E: Extended stopping and retraction is initiated
STOP D: Braking along a path
STOP C: NCK: IPO fast stop (braking at the current limit/OFF3 ramp)
STOP A: IPO fast stop (braking at the current limit)

© Siemens AG 2015 All Rights Reserved

6-128 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

The effect on the other axes in the channel can be influenced using the MD36964
$MA_SAFE_IPO_STOP_GROUP. This allows, for example, the pulses of a spindle
to be safely cancelled (using an external STOP A), in order that this spindle can be
manually turned and the axes can still be moved while being safely monitored.

STOP $MA_SAFE_IPO_STOP_GROUP = 0 $MA_SAFE_IPO_STOP_GROUP = 1

C Axes that interpolate with the involved axis Axes that interpolate with the involved axis
brake at the current limit/OFF3 ramp. All brake at the current limit/OFF3 ramp. All
other axes brake along the parameterized other axes do not brake.
braking ramp.
D Axes/spindles brake along the path or Axes that interpolate with the involved axis
along the parameterized braking ramp. brake along the parameterized braking
ramp. All other axes do not brake.
E ESR enabled and active:
ESR is initiated
ESR neither active nor enabled:
After a delay time of max. 2 Ipo clock cycles, the behavior as described for STOP D is
initiated.

6.3.2 Description of STOP A

When STOP A is activated, safe standstill (SH) is effective, see Chapter 6.1.1
”Shutdown paths”.
Action in the drive monitoring channel:
Pulses are immediately cancelled using the internal signal ”cancel pulses”.
In addition, the pulses in the gating unit are cancelled by a software function.
Action in the NCK monitoring channel:
the pulses are cancelled via the internal shutdown path of the NCK monitoring
channel
S Effect:
The drive coasts to a standstill if no external braking mechanism such as an
armature short--circuit and/or holding brake is used. The axis--specific alarm
results in a mode group stop, i.e. as the result of the error in one axis, all axes
and spindles in a mode group are stopped. Safe standstill becomes effective at
the end of STOP A.
S Alarm message for an internally initiated STOP A:
The alarm message ”STOP A initiated” is displayed.
S Acknowledgment for an internally initiated STOP A:
An unintentional restart is prevented for STOP A. The error can only be
acknowledged from the drive and control using a power on.
SGA ”STOP A/B active”
This signal indicates that STOP A/B is active.
0 signal: STOP A/B is not active.
1 signal: STOP A/B is active.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-129
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

Warning
! If the safe standstill function or ”STOP A” is activated, the motor can no longer
generate any torque. This is the reason that potentially hazardous motion can
occur, e.g. for the following:
S When an external force acts on the drive axes
S Vertical and inclined axes without weight equalization
S Axes that are moving (coasting down)
S Direct drives with low friction and low self--locking
S Notching torques (depending on the motor type, bearing design and friction
characteristics, up to half a pole pitch in a direction that cannot be predicted)
Possible hazards must be clearly identified using a risk analysis that must be
carried out by the manufacturer. With an assessment, based on this risk analysis,
it should be defined as to which additional measures are required, e.g. external
brakes.

© Siemens AG 2015 All Rights Reserved

6-130 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

SGE deselect external STOP A

”Pulse cancellation” can be requested and executed using this SGE.
The safety functions currently active (SG/SBH/SN/SE) are not influenced by this
SGE, unless function ”Deactivate SBH/SG monitoring during an external STOP A”
is enabled.
If one of the currently active limits is violated, an appropriate alarm is initiated. The
associated shutdown response cannot be activated because the pulses have
already been cancelled. As soon as the stop request is cancelled via the SGE
”deselect ext. STOP A” any queued shutdown responses become active.
If a stop request is active, SGA ”STOP A/B active” is set in the same way as it
would be for an internally triggered STOP A.
MD36977 $MA_SAFE_EXT_STOP_INPUT[0] is used to define the selection/
deselection of the external brake request, in this case, ”deselect external STOP A”
(SH, pulse cancellation).
An external STOP A is also activated if the ”Parking axis” function is selected.
Deactivate SBH/SG monitoring during external STOP A
In order to avoid that an axis, whose the pulses have been canceled, violates a
limit value as a result of SBH or SG monitoring, users can use the ”Deactivate
SBH/SG monitoring during an external STOP A” function.
If this function is enabled using bit 23 in MD36901 $MA_SAFE_FUNCTION_ENA-
BLE, then during an external STOP A, the SBH/SG monitoring is internally deacti-
vated, independent of how the external stop was requested. This can be done as
follows:
S Selection via SGE ”deselect ext. STOP A”
S ”Parking axis” requested or active
S External STOP A from other monitoring channel
SBH/SG monitoring is also deactivated, if, during an external STOP A, an internal
STOP A is active -- or becomes active.
Immediately after deselecting the external STOP A, the velocity or standstill moni-
toring available at the SGE becomes immediately active.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-131
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

6.3.3 Description of STOP B

Action in the drive monitoring channel:

The drive is braked along the OFF3 ramp by entering a speed setpoint = 0. If the
speed actual value falls below the value entered in p9560 ”SI Motion pulse can-
cellation shutdown speed”, or timer p9556 ”SI Motion delay time expired”, then a
transition is automatically made into STOP A.
Action in the NCK monitoring channel:
Analogous to the drive, the control system enters speed setpoint = 0 and when the
value in MD36960 $MA_SAFE_STANDSTILL_VELO_TOL is fallen below, or after
timer MD36956 $MA_SAFE_PULSE_DISABLE_DELAY expires, then a transition
is automatically made into STOP A.
Alternatively, braking can be realized drive--based along the OFF3 ramp
(see Chapter 6.3.5 ”Braking behavior for STOP B/C”).
If the timer in machine data 36956 $MA_SAFE_PULSE_DISABLE_DELAY or
P9556 ”SI Motion pulse cancellation delay time” is set to zero, then for a STOP B
an immediate transition is made into a STOP A.
The shutdown speed for the pulse cancellation is generally reached faster than the
delay time for the pulse cancellation.
S Effect:
The drive is braked along the OFF3 ramp under closed--loop speed control and
brought to a safe standstill.
S Alarm message for an internally initiated STOP B
The alarm message ”STOP B initiated” is displayed.
S Alarm message for an internally initiated STOP B:
An unintentional restart is prevented using a STOP A. The error can only be
acknowledged from the drive and control using a power on.
SGA ”STOP A/B is active”
This signal indicates that the STOP A/B is active.
0 signal: STOP A/B is not active
1 signal: STOP A/B is active

© Siemens AG 2015 All Rights Reserved

6-132 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

rpm a) Shutdown time is reached before the

nac pulse cancellation delay time expires
t b) Shutdown time is reached after the
b) pulse cancellation delay time expires
a)

Shutdown speed,
pulse cancellation

STOP B STOP A t
Delay time, pulse
cancellation

STOP B STOP A
a)

b) STOP B STOP A

Figure 6-6 Transition from STOP B to STOP A

It is possible that the stop for the NCK becomes effective one safety monitoring
clock cycle earlier than for the drive. This means that braking along the current
limit can become effective before the OFF3 ramp of the drive becomes effective.
In order to reduce the level of stress of the mechanical system of the machine
(if required) the braking torque can be reduced. To realize this, bit 4 ”Torque
limiting active in motoring/regenerating mode” can be set in parameter p1400 and
parameter p1521 ”Torque limit lower/regenerative” can be set to the required lower
torque. In this case, it should be noted that the braking distance (stopping
distance) of the axis is extended, and that the torque limiting is not only effective
for STOP B, but that generally, the dynamic response of the axis changes.

6.3.4 Description of STOP C

Action in the drive monitoring channel:

The drive is braked along the OFF3 ramp corresponding to the speed setpoint; in
parallel, the timer is started via parameter p9552 ”Transition time from STOP C to
SBH”. The SBH function is automatically activated after the timer expires.
Action in the NCK monitoring channel:
Essentially the same as the drive, the speed setpoint = 0 is specified by the control
and the interface signal ”Position controller active” (DB31, ... DBX61.5) of the drive
involved is set to zero.
In parallel, the timer is started using MD36952
$MA_SAFE_STOP_SWITCH_TIME_C.
The SBH function is automatically activated after the timer expires.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-133
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

S Effect:
The drive is braked along the OFF3 ramp under closed--loop speed control and
brought into SBH.
S Alarm message for an internally initiated STOP C:
The alarm message ”STOP C initiated” is output (see Chapter 10.2, ”Alarms for
SINUMERIK 840D sl”).
S Acknowledgment for an internally initiated STOP C:
An unintentional restart is prevented for a STOP C. The error can be acknowl-
edged using the NC--RESET key.
SGA ”STOP C is active”
This signal indicates that STOP C is active.
0 signal: STOP C is not active.
1 signal: STOP C is active.
It is possible that the stop for the NCK becomes effective one safety monitoring
clock cycle earlier than for the drive. This means that braking along the current
limit can become effective before the OFF3 ramp of the drive becomes effective.
In order to reduce the level of stress of the mechanical system of the machine
(if required) the braking torque can be reduced. To realize this, bit 4 ”Torque limi-
ting active in motoring/regenerating mode” can be set in parameter p1400 and
parameter p1521 ”Torque limit lower/regenerative” can be set to the required lower
torque. In this case, it should be noted that the braking distance (stopping
distance) of the axis is extended, and that the torque limiting is not only effective
for STOP C, but that generally, the dynamic response of the axis changes.
Alternatively, braking can be realized drive--based along the OFF3 ramp
(see Chapter 6.3.5 ”Braking behavior for STOP B/C”).

Note
Tracking operation becomes active when a STOP C is initiated.

SGE deselect external STOP C

If a stop request is active, SGA ”STOP C is active” is set in the same way as it
would be for an internally initiated STOP C.
MD36977 $MA_SAFE_EXT_STOP_INPUT[1] is used to define the selection/de-
selection of the external braking request; in this case ”deselect external STOP C”
(braking along the current limit or braking along the OFF3 ramp).

© Siemens AG 2015 All Rights Reserved

6-134 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

6.3.5 Braking behavior for STOP B/C

To support gentle braking behavior for STOP B/C, the braking operation can be
initiated completely independently of the drive. The velocity setpoint for a ramp
defined by parameter p1135 is thereby guided to zero (AUS3 ramp). In terms of
the NCK, the speed setpoint is no longer influenced.
This behavior can be selected via the machine data 36904
$MA_SAFE_ADD_FUNCTION_MASK, Bit 0 = 1.
Activation of the AUS3 ramp takes place via the drive monitoring channel. On acti-
vation of STOP B/C in this monitoring channel the AUS3 function is also activated.
If there is a time offset between activation of the STOP B/C in the NCK and drive
monitoring channel, the velocity setpoint for this time difference remains un-
changed. By replacing the stop response is between NCK and drive monitoring
channels the maximum time amounts to one monitoring cycle.
The machine data M$MA_SAFE_ADD_FUNCTION_MASK, bit 0 is included in the
axis--specific checksum $MA_SAFE_ACT_CHECKSUM[0].

6.3.6 Description of STOP D

Action in the drive monitoring channel:

The drive monitoring channel requests a path stop or braking along the actual
acceleration characteristic. In parallel, the timer is started via parameter 9553
”Transition from STOP D to SBH”. The SBH function is automatically activated
after the timer expires.
Action in the NCK monitoring channel:
Essentially the same as the drive, the NC monitoring channel requests a path stop
or braking along the acceleration characteristic. In parallel, the timer is started
using MD36953 $MA_SAFE_STOP_SWITCH_TIME_D. The SBH function is auto-
matically activated after the timer expires.
S Effect:
The drive is braked in a group -- including simultaneous axes -- along the set
traversing path.
For axes, the acceleration characteristic is defined so that the axes stop within
the time saved in MD36953 $MA_SAFE_STOP_SWITCH_TIME_D. Therefore,
ensuring stopping with low associated stress on the machine.
If the acceleration behavior is now changed in the NC program, for a STOP D
the axes brake with the shortest transition time of all path axes, i.e. the transi-
tion times MD36953 must be set the same for all axes.
When booting, for all of the axes, the control checks whether the braking time
set in MD36953 is sufficient for the active acceleration characteristic of the axis.
When violated, the suppressible alarm 22001 ”Channel %1 Block%2 Axis %3:
Braking ramp longer than STOP D time. Reason: %4 has been output.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-135
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

For spindles, the actual acceleration characteristic is not adapted. The control
checks whether the braking time, set in MD36953
$MA_SAFE_STOP_SWITCH_TIME_D, is sufficient for all spindle operating
modes and configured gear stages. When violated, suppressible alarm 22002
”Channel %1 Spindle%2: Braking ramp longer than STOP D time. Gearbox
stage %3. Reason: %4 has been output. If the spindle is in axis operation, then
it behaves just like an axis.
For an active axis or spindle coupling (with the exception of the synchronous
spindle coupling), the coupling is no longer taken into consideration, if synchro-
nous stopping of the coupled group is no longer safely possible within the time
parameterized in MD $MA_SAFE_STOP_SWITCH_TIME_D. For a coupled
group, this is the reason that for all axes of the coupled group, a STOP D must
be set.
For the synchronous spindle coupling, when synchronous operation is reached,
the coupling is always maintained. The coupling group is always braked via the
leading spindle. If the following spindle requires a longer braking time than the
leading spindle, then MD $MA_SAFE_STOP_SWITCH_TIME_D must be
appropriately increased for the leading spindle.
When a synchronous spindle is active, STOP D should also be initiated for the
leading and following spindle.
Endlessly rotating axes are braked at the acceleration limit. The SBH function is
automatically activated after the timer expires.
When Alarm 22001/22002 is output, the following formulas are applied:

METRIC: SAFE_STOP_SWITCH_TIME_D > MAX_AX_VELO * 1/60000 / MAX_AX_ACCEL

INCH/ROT/ SAFE_STOP_SWITCH_TIME_D > MAX_AX_VELO * 1/60 / MAX_AX_ACCEL
SPINDLE:

For axes with jerk limitation, the minimum braking time is increased by the addi-
tional component:

2 * MAX_AX_ACCEL / MAX_AX_JERK

The check is made for NEWCONF, RESET, unparking an axis and for pro-
gramming ACC or JERKLIM.
The MD names contained in the formulas must, corresponding to the alarm
situation (the alarm occurs when parameterizing or when programming) may
have to be replaced by other values.

© Siemens AG 2015 All Rights Reserved

6-136 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

MD Alternative MD Program command

MAX_AX_ACCEL JOG_MAX_ACCEL ACC
MAX_AX_JERK JOG_AND_POS_MAX_JERK JERKLIM

Comment regarding INCH--METRIC switchover:

The calculated value should be rounded off to one decimal place so that for an
INCH--METRIC switchover, internal rounding effects can be compensated and no
undesirable alarms are initiated.
S Alarm message for an internally initiated STOP D:
The alarm message ”STOP D initiated” is output.
S Acknowledgment for an internally initiated STOP D:
An unintentional restart is prevented for STOP D. The error can be acknowl-
edged using the NC--RESET key.
SGA ”STOP D is active”
This signal indicates that STOP D is active.
0 signal: STOP D is not active.
1 signal: STOP D is active.

SGE deselect external STOP D

If a stop request is active, SGA ”STOP D is active” is set in the same way as it
would be for an internally triggered STOP D.
MD 36977 $MA_SAFE_EXT_STOP_INPUT[2] is used to define the selection/de-
selection of the external braking request, in this case ”deselect external STOP D”
(path braking).
An external STOP D can also be initiated in the drive monitoring channel from the
PLC--SPL CDC -- or the PROFIsafe/FSEND--FRECV communication interface on
the PLC side.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-137
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

6.3.7 Description of STOP E

Action in the drive monitoring channel:

The drive monitoring channel requests an extended stop and retract (ESR), con-
trolled from the NC. In parallel, the timer in parameter p9554 ”SI Motion transition
time from STOP E to SBH” is started. The SBH function is automatically activated
after the timer expires.
Action in the NCK monitoring channel:
An ESR is requested by the control monitoring channel. In parallel, the timer in
MD36954 $MA_SAFE_STOP_SWITCH_TIME_E is started. The SBH function is
automatically activated after the timer expires.
S Effect:
The extended stop and retract that have been configured are started.
S Alarm message:
The alarm message ”STOP E initiated” is displayed.
S Acknowledgment:
For STOP E, an unintentional restart is prevented. The error can be acknowl-
edged using the NC--RESET key.
SGA STOP E is active
This signal indicates that STOP E is active.
0 signal: STOP E is not active.
1 signal: STOP E is active.
The NC--controlled ESR is initiated by writing to the system variable
$AC_ESR_TRIGGER=1 (also see /FB3/, M3 ”Axis coupling and ESR”). To obtain
the criteria for initiating, the following SI system variables are used:
$VA_STOPSI:
Axis--specific system variable that contains the present stop.
For a value of 4, a Stop E is active for this axis.
$A_STOPESI:
Global system variable that displays a value not equal to 0 to indicate that a STOP
E is active on one of the axes. This variable saves the user having to search
through all of the axes.

SGE deselect external STOP E

When a stop request is active, the SGA ”STOP E is active” is set.
MD36977 $MA_SAFE_EXT_STOP_INPUT[3] defines the selection/deselection of
the external braking request, in this case ”deselect external STOP E” (extended
stopping and retraction plus path braking).
An external STOP E can also be initiated in the drive monitoring channel from the
PLC--SPL CDC -- or the PROFIsafe/FSEND--FRECV communication interface on
the PLC side.

© Siemens AG 2015 All Rights Reserved

6-138 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

Note
STOP E only produces a different response than STOP D if the user has
configured the ESR function -- extended stop and retract -- and initiation of the
ESR is programmed depending on $VA_STOPSI or $A_STOPESI.
If ESR is not active, the STOP E behaves like a STOP D. However, if the ESR
configuration is incorrect, there is a delay of up to 2 IPO cycles compared to
STOP D until the braking operation is initiated. Possible causes:
S The initiation of the ESR as static synchronous action does not take into
account the system variables $VA_STOPSI or $A_STOPESI.
S ESR is neither parameterized nor enabled.
S For individual PLC controlled axes, only the axis--specific ESR is used via
$AA_ESR_TRIGGER. This trigger may be used in addition to the
channel--specific trigger.
For other incorrect ESR programming, a delay by the time entered in
$MC_ESR_DELAY_TIME1 and $MC_ESR_DELAY_TIME2 is possible. After these
times have expired, braking is initiated at the current limit. Possible cause:
S The retraction position cannot be reached within the specified time.

Note
The ESR integrated in the drive can by triggered by writing to the system variable
$AN_ESR_TRIGGER (see also /FB3/, M3 ”Axis couplings and ESR”). The STOP
E delay time in MD36954 $MA_SAFE_SWITCH_TIME_E or drive parameter in
p9554 should be selected, so that the timer for ESR in p0892 is covered by the
SINAMICS basic system.
See also Chapter 11.10.1 ”Delayed pulse cancellation in the event of a
communication failure”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-139
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

6.3.8 Description of STOP F

The STOP F response is permanently assigned to the error handling (e.g. the
crosswise result and data comparison, detecting communication and encoder
faults).
If such as fault/error state is detected, then the following responses are triggered.
Response if no safety--related functions are active:
Faults/errors are also detected if none of the safety--related functions are active
(safety functions are SBH, SG, SE, SN, n<nx synchronization). The saved mes-
sage ”defect in a monitoring channel” is output on both the drive and control sides
and can only be acknowledged using the NC--RESET key. The message does not
interrupt machining. A system restart is prevented by an internal NC start/travers-
ing inhibit function. Dormant faults/errors are detected on the drive and control
sides.
Response if one safety--related function is active:
Faults/errors are detected and a STOP B/A response is initiated in the drive and
control system (see description of STOP B). The error can only be acknowledged
from the drive and control using a power on.
Exception: If an internal STOP C/D/E is already present, because STOP F has a
lower priority (see Chapter 6.3.1, Section ”Priority of the stop responses”).
S Alarm message:
Alarms 27001 ”Error in a monitoring channel” and/or 2710x ”Difference in func-
tion...” and C01711 ”SI Motion error in a monitoring channel” are displayed.
For further diagnostics, for Alarm 27001, a fine error coding is displayed in the
alarm line. The fine coding for the drive alarm can be found in r9725 ”SI Motion
diagnostics for STOP F” or in the SI status display under STOP F.
The significance of the error code is provided in Chapter 10.2 under Alarm
27001 ”Defect in a monitoring channel”.
A delay time before STOP B is initiated can be parameterized using MD36955
$MA_SAFE_STOP_SWITCH_TIME_F. During this time, the machine manufac-
turer can initiate an NC controlled response, e.g. ESR. After this time has expired,
the involved axis is braked with STOP B. This is also true if, in the meantime, a
stop with a higher priority than STOP F (STOP E, D, C) is present. The system
variables $VA_XFAULTSI and $A_XFAULTSI, bit 1 can be used to detect whether
a STOP F was initiated that is then followed by a STOP B. In the delay time up to
the STOP B, an ESR or braking along the programmed path can be initiated (e.g.
by writing to $AC_ESR_TRIGGER or initiating an external STOP D).
During the delay time up to initiating STOP B, additional, non--safety--related moni-
toring functions can already result in other braking responses. A STOP D or the
initiation of ESR can be influenced due to harder braking responses of the drive
(the same as e.g. the configured braking response when an encoder fails).

© Siemens AG 2015 All Rights Reserved

6-140 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

Note
For STOP F, when monitoring functions are active (SBH, SG, SE, not ”n<nx”,
however, ”Synchronization, hysteresis and filtering ”n<nx”), STOP B (braking at the
current limit with speed setpoint = 0) is defined as the following stop.

Warning
! If an internal or external fault occurs, as a result of the fault, during the STOP F
response the parameterized safety functions are either no longer available or only
with restrictions. This must be carefully taken into account when parameterizing
the delay time between STOP F and STOP B (MD36955 / p9555) and must be
taken into account in the risk analysis performed by the machine manufacturer.
This applies in particular to vertical axes.

Note
A delay time between STOP F and STOP B should only be set, if, during this time,
an alternative response is initiated by evaluating the system variables
$VA_XFAULTSI and $A_XFAULTSI.
Further, when using the delay time, a monitoring function should always be active
-- also in the automatic mode (e.g. SE, SN, SG with high limit switch). For
example, if the SBH monitoring function is only active on the drive side, for
example because of the (single--channel) failure of a door switch, then although
this results in a STOP F, the STOP F --> STOP B delay time on the NCK side is
not started if previously no monitoring function was active. This means that in this
case, the drive responds with a STOP B (however this is also initiated in the NCK
due to the exchange of the stop responses), but this is not displayed in the NCK
variables $VA_XFAULTSI and $A_XFAULTSI.
The appropriate monitoring functions of the drive (e.g. when SBH is selected) are
also executed instantaneously without any delay.

Note
The ESR integrated in the drive can by triggered by writing to the system variable
$AN_ESR_TRIGGER (see also Function Manual 3, M3 ”Axis couplings”). The
STOP F delay time in MD36955 $MA_SAFE_STOP_SWITCH_TIME_F or drive
parameter in p9555 should be selected, so that the timer for ESR in p0892 is
covered by the SINAMICS basic system.
See also Chapter 11.10.1 ”Delayed pulse cancellation in the event of a
communication failure”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-141
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

Remark:
When combined with ”ESR managed from the control”, theoretically the following
error is possible: Both monitoring channels (NCK and drive) trigger a STOP F;
however, a safety function is only active on the drive side (errors in the two SPL
channels, which are then most probably responsible for the STOP F). In this case,
the NCK does not trigger an ESR, because for the NCK no subsequent STOP B
can be identified. Conversely, this statement is also valid for the combination with
”ESR integrated in the drive” and a safety function is only active in the NCK. The
ESR integrated in the drive is then not started.
Example 1 -- delaying the transition from STOP F to STOP B
The speed characteristic of an axis for parameterized stopping is shown in
Fig. 6-7. In this case, the axis should continue 500 ms and then brake along the
parameterized ramp. A delay time of 2.5 s is selected until STOP B is initiated
($MA_SAFE_STOP_SWITCH_TIME_F).

v Continue to traverse (ESR)

Braking along a ramp

= stopping (ESR)

t1 t2 t3 t

Figure 6-7 Velocity characteristic of an SI axis when stopping with STOP F

The following actions take place at the following instants in time:

t1:
STOP F occurs, ESR is started
t2:
500 ms after t1, braking starts along the parameterized ramp
t3:
STOP B is initiated 2.5 s after t1. The axis is already stationary at this time, which
means that the pulses can be immediately cancelled.
Example 2 -- delaying the transition from STOP F to STOP B
The same parameterization as in Example 1 is shown in Fig. 6-8. However, when a
STOP F occurs, no monitoring function is active. At instant in time t2, a monitoring
function is activated. ESR is only started if there is a STOP F with active monitor-
ing function.

© Siemens AG 2015 All Rights Reserved

6-142 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

v Continue to traverse (ESR)

Braking along a ramp

= stopping (ESR)

t1 t2 t3 t4 t

Figure 6-8 Velocity characteristic of an SI axis when stopping with STOP F

The following actions take place at the following instants in time:

t1:
STOP F occurs, no response
t2:
At any time after t1, a monitoring function is activated. At this instant in time, the
transition to a STOP B is started and bits 1 in $A_XFAULTSI and $VA_XFAULTSI
of this axis are set.
t3:
500 ms after t2, braking starts along the parameterized ramp
t4:
STOP B is initiated 2.5 s after t2. The axis is already stationary at this time, which
means that the pulses can be immediately cancelled.
Example 3 for STOP F with interruption by STOP D
A retraction axis shown in Fig. 6-9. As a result of the high velocity of the retraction
motion, the SG monitoring for this axis initiates a STOP. After the transition time
from STOP F to STOP B expires, this braking ramp has still not been completed,
so that now the axis continues to brake with the STOP B response (nset=0 or
OFF3).

Start of retraction

SG Braking along a ramp

limit (STOP D)

Braking at the
current limit
(STOP B)

t1 t2 t3 t4

Figure 6-9 Velocity characteristic for retraction with SG violation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-143
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

The following actions take place at the following instants in time:

t1:
STOP F occurs, ESR starts
t2:
The set SG limit is exceeded, STOP D is initiated
t3:
After t1 + $MA_SAFE_STOP_SWITCH_TIME_F, STOP B is initiated, and the axis
starts to brake at the current limit / OFF3 ramp
t4:
STOP A is initiated after the axis comes to a standstill

6.3.9 Forced checking procedure of the external STOPs

The following applies for the test stop of external STOPs:
All stop SGEs that are used are switched one after the other in each channel and
the positive response evaluated using the associated SGA ”STOP x is active”.

Note
Only the enabled and activated external standstill functions have to be tested.

SGE ”deselect ext. STOP E”

SGA ”STOP E is active”

SGE ”deselect ext. STOP D”

SGA ”STOP D is active”

SGE ”deselect ext. STOP C”

SGA ”STOP C is active”

SGE ”deselect ext. STOP A”

SGA ”STOP A/B is active”

Figure 6-10 Sequence of the test stop for external STOPs. Example: External STOPs A, C, D, E are used

© Siemens AG 2015 All Rights Reserved

6-144 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.3 Safe Stops A--F

Which SGE/SGA are required for the test stop of external STOPs?
The following SGE/SGA can be used to perform the test stop for external STOPs:

Table 6-9 SGE/SGA for the test stop for external STOPs

NCK NCK--SGE ”deselect ext. STOP A”

monitoring NCK--SGA ”STOP A/B is active”
channel
NCK--SGE ”deselect ext. STOP C”
NCK--SGA ”STOP C is active”

NCK--SGE ”deselect ext. STOP D”

NCK--SGA ”STOP D is active”

NCK--SGE ”deselect ext. STOP E”

NCK--SGA ”STOP E is active”
Drive PLC--SGE ”deselect ext. STOP A”
monitoring PLC--SGA ”STOP A/B is active”
channel
PLC--SGE ”deselect ext. STOP C”
PLC--SGA ”STOP C is active”

PLC--SGE ”deselect ext. STOP D”

PLC--SGA ”STOP D is active”

PLC--SGE ”deselect ext. STOP E”

PLC--SGA ”STOP E is active”

6.3.10 Canceling stopping delay times

The transition times

-- SG --> SBH $MA_SAFE_VELO_SWITCH_DELAY
-- STOP C --> SBH $MA_SAFE_STOP_SWITCH_TIME_C
-- STOP D --> SBH $MA_SAFE_STOP_SWITCH_TIME_D
-- STOP E --> SBH $MA_SAFE_STOP_SWITCH_TIME_E
define the time period from requesting a stop until switchover to a safe operating
stop. These stopping delay times should be parameterized so that for the worst
case scenario (maximum velocity, low acceleration capability), the axis or spindle
involved can stop within this time. Otherwise, for the subsequent switchover to a
safe operating stop, the SBH limits could be exceeded, which in turn would initiate
a STOP B/A response. This situation can then only by acknowledged by a
restarting again.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-145
Safety functions integrated in the system/drive 10/15
6.3 Safe Stops A--F

A setting corresponding to the worst case scenario means that for a stopping
operation, e.g. from a lower velocity to reach standstill, a wait time is incurred until
a safe operating stop is assumed.
In many cases, protective doors can only be opened after the system has switched
over to a safe operating stop; this means wait times for users. Wait times can be
reduced by making the appropriate parameter assignment:
In this case, a switchover is not made to the safe operating stop after the actual
transition time, but as soon as standstill is identified, and a short transition time has
elapsed.
The following machine data are used:
S $MA_SAFE_STANDSTILL_VELO_LIMIT
Switchover speed SBH/SG
Velocity limit with which the axis monitoring channel identifies standstill. A delay
time is started, if this velocity limit is fallen below for a stop request or an SG
stage switchover.
S $MA_SAFE_STANDSTILL_DELAY
Delay time, switchover to SBH/SG
After this time, for a stop request, a safe operating stop or an SG stage switch-
over is activated. This time is used to bridge the time from identifying the stand-
still velocity down to actual standstill.
It should be noted that time $MA_SAFE_STANDSTILL_DELAY only becomes
active at the instant that standstill is actually identified (v < $MA_SAFE_STAND-
STILL_VELO_LIMIT) the remaining time from starting the stop request up to
switching over to SBH or the lower SG stage (stopping delay time) is greater than
the value in this machine data (delay time, switchover to SBH/SG).
If the stop request sequence (with respect to time) has progressed so that the
originally started stopping delay time already expires before $MA_SAFE_STAND-
STILL_DELAY expires, then the originally initiated operation is exited unchanged.
This therefore ensures that the switchover to SBH occurs at the latest after the
stopping delay time.
Activation:
The function is active if a value > 0.0 is entered in MD37920 $MA_SAFE_STAND-
STILL_VELO_LIMIT.
Supplementary conditions:
When switching over from SG to SBH using SGE ”deselect safe operating stop”,
the function can only operate if a setpoint velocity limit is activated using MD36933
$MA_SAFE_DES_VELO_LIMIT.
Even when switching over from ”non--safety operation” (neither SG nor SBH
active) to SBH, the function cannot be used because a delay time has not been
defined for this switchover operation -- and the switchover to SBH is realized
without delay.

© Siemens AG 2015 All Rights Reserved

6-146 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.4 Safe acceleration monitoring (SBR)

6.4 Safe acceleration monitoring (SBR)

Description
Using this function, the effectiveness of braking, initiated using stop responses B
and C, along the current limit/OFF3 ramp is checked through two channels.

Features
The most important features include:
S Fastest possible detection if the axis starts to re--accelerate when braking
S SBR is automatically activated, when a STOP B or C has been initiated
S When SBR responds, a STOP A is initiated and Alarm 27013 ”Axis %1 safe
monitoring for acceleration exceeded” and the drive messages C01706/C30706
”Acceleration monitoring limit exceeded” initiated.
S For an encoder fault in a 1--safety encoder system, the ”Safe acceleration moni-
toring” function is not active as a result of the defective encoder. Depending on
how parameter p9516 has been parameterized, a Category 0 or Category 1
(EN 60204--1) stop response is realized (also refer to the warning notes in
Chapter3.5 ”Safety information & instructions and residual risks”).
In case of a Category 1 stop response, the standard system brakes the defec-
tive drive at with the current limit. The pulses are canceled after the speed para-
meterized in MD36960 $MA_SAFE_STANDSTILL_VELO_TOL -- or the time
parameterized in MD36956 $MA_SAFE_PULSE_DISABLE_DELAY.

Activating the SBR

When a STOP B or C is initiated, the actual speed plus the speed tolerance,
defined in the machine data/parameter, is activated as the speed limit. When the
actual decreases, then this speed limit is correspondingly corrected; however, for
an increased speed, it is not changed. If the drive speed exceeds the actual speed
limit then a STOP A is initiated. If the axis starts to re--accelerate while braking,
this is detected as quickly as possible and prevented.
Machine data/parameters for the SBR speed tolerance:
for 840D sl:
MD36948 $MA_SAFE_STOP_VELO_TOL
for SINAMICS S120:
p9548 SI Motion SBR actual velocity tolerance (Control Unit)
The speed limit is corrected until the speed, defined in the following machine data,
is undershot (fallen below). After that, the limit value of the SBR monitoring is
frozen to the value in MD/parameter 36946/p9546 plus the value in MD/parameter
36948/p9548.
for 840D sl:
MD36946 $MA_SAFE_VELO_X (velocity limit n<nx)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-147
Safety functions integrated in the system/drive 10/15
6.4 Safe acceleration monitoring (SBR)

for SINAMICS S120:

p9546 SI Motion SSM (SGA n < nx) velocity limit (CU)

n Stopping limit value

Speed tolerance
STOP B/C initiated
nact

nx

Figure 6-11 Characteristic of the stopping limit value for SBR

Calculating SBR tolerance of the actual speed

The following rules are valid for the parameterization of SBR tolerance:
The possible speed increase after initiating a STOP B/C is obtained from the effec-
tive acceleration a and the duration of the acceleration phase. The acceleration
phase lasts from one monitoring clock cycle MC (delay from detecting a STOP B/C
until nset = 0 / activation OFF3 ramp):
SBR tolerance
Actual speed SBR = acceleration * acceleration duration
The following setup rule is derived thereof:
For a linear axis:
SBR tolerance [mm/min] = a [m/s2] * MC [s] * 1000 [mm/m] * 60 [s/min]
For rotary axis/spindle:
SBR tolerance [rev/min] = a [rev/s2] * MC [s] * 60 [s/min]
The following machine data should be taken into account when determining the
acceleration:

MD32300 MAX_AX_ACCEL
MD35200 GEAR_STEP_SPEEDCTRL_ACCEL
MD35210 GEAR_STEP_POSCTRL_ACCEL
MD35410 SPIND_OSCILL_ACCEL

© Siemens AG 2015 All Rights Reserved

6-148 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.4 Safe acceleration monitoring (SBR)

Recommendation:
The value entered for the SBR tolerance should be approx. 20% higher than the
calculated value.
A velocity overshoot must be taken into account when braking with nset=0. The
overshoot must be less than the sum of $MA_SAFE_STOP_VELO_TOL and nx
velocity limit or $MA_SAFE_VELO_X -- $MA_SAFE_VELO_X_HYSTERESIS
(if synchronization, hysteresis and filtering n<nx active). This must be checked by
taking the appropriate measurements, as otherwise the SBR function could be
inadvertently initiated, therefore resulting in a STOP A.

Timing when the actual stop limit value is exceeded

If the safe acceleration monitoring function is active, then the following timing is
obtained when the actual stop limit value is exceeded:

c) Start of the
n Limit value stop response
exceeded
Actual stop b)
limit value Error case
a)
n act

t1

t
t2 not to scale

t3
t4 t6

t5
t7

Figure 6-12 Timing when the actual stop limit value for SBR is exceeded

Table 6-10 Explanation of the figure

Time Explanation
t1 The position control clock cycle, defined by the following MDs:
MD10050 $MN_SYSCLOCK_CYCLE_TIME
MD10060 $MN_POSCTRL_SYSCLOCK_TIME_RATIO
t2 Monitoring clock cycle, defined by the following MDs:
for 840D sl:
MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
for SINAMICS S120:
r9500 SI Motion monitoring clock cycle (Control Unit)
t3 Time between an error occurring and a limit value being reached

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-149
Safety functions integrated in the system/drive 10/15
6.4 Safe acceleration monitoring (SBR)

Table 6-10 Explanation of the figure, continued

Time Explanation
t4 Time until a limit value violation is detected
(typical 1 monitoring clock cycle, maximum 1.5 monitoring clock cycles + 1 position controller
clock cycle)
t5 Response time that is required to introduce the stop response
(typical 2 monitoring clock cycles, maximum 2.5 monitoring clock cycles + 1 position controller
clock cycle)
t6 Time until the stop response that was initiated starts
(typical 2 ms, maximum 3 position controller clock cycles + 8 ms)
t7 Time required to bring the axis to a standstill.
This time and thus the residual distance traveled by the axis is determined by the axis design
(motor, mass, friction, ...).

Note
During ”normal” operation, speed overshoot should not unintentionally initiate the
SBR. Speed overshoot should therefore be checked by making the appropriate
measurements.

Warning
! If the safe standstill function or ”STOP A” is activated, the motor can no longer
generate any torque. This is the reason that potentially hazardous motion can
occur, e.g. for the following:
S When an external force acts on the drive axes
S Vertical and inclined axes without weight equalization
S Axes that are moving (coasting down)
S Direct drives with low friction and low self--locking
S Notching torques (depending on the motor type, bearing design and friction
characteristics, up to half a pole pitch in a direction that cannot be predicted)
Possible hazards must be clearly identified using a risk analysis that must be
carried out by the manufacturer. With an assessment, based on this risk analysis,
it should be defined as to which additional measures are required, e.g. external
brakes.

© Siemens AG 2015 All Rights Reserved

6-150 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.5 Safely reduced speed (SG)

6.5 Safely reduced speed (SG)

Description
The purpose of the SG (safely reduced speed) function is to safely monitor the
load--side speed of an axis/spindle.
The actual speed of the axis/spindle is cyclically compared in the monitoring clock
cycle with the speed limit value selected using SGEs. The speed limit values are
defined in the following machine data/parameters:
for 840D sl:
MD36931 $MA_SAFE_VELO_LIMIT[n]
for SINAMICS S120:
p9531 SI Motion SLS (SG) limits (Control Unit)
The speed limit values for SG1, SG2, SG3 or SG4 allow various applications/
operating states on the machine to be monitored. The safely reduced speed func-
tion can therefore be used to implement protective measures for the operating
personnel and machine in the setting--up mode or also in automatic operation.

Warning
! For control gears, it is important to select the correct gear ratio!

Features
The features of the SG function are as follows:
S Load--side speed limit values are safely monitored
S Monitoring limit values are adapted to various operating states (e.g. test,
setting--up, automatic modes)
S Configurable stop response when the SG responds

Preconditions
The following conditions must be fulfilled:
S The option and functions must be enabled in the axis--specific machine data
S The SGEs ”SBH/SG deselection” and ”SBH deselection” must be configured

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-151
Safety functions integrated in the system/drive 10/15
6.5 Safely reduced speed (SG)

Specifying velocities and speeds

The requirements regarding speeds and velocities that are stipulated for individual
processes (milling, turning, grinding, etc.) vary depending on the different C
Standards. For example, the following could be specified for the setting--up mode:
Safely reduced speed with 2 m/min for feed drives and
50 rpm for spindle drives or standstill within 2 revolutions.
The machine manufacturer must parameterize SI in such a way as to ensure full
compliance with the EC Machinery Directive. The relevant standards provide the
necessary guidelines and support.
Quantities that influence the parameterization include, e.g. the drive dynamic
response, the set parameters with their delay times, electrical and mechanical gear
ratios and all of the mechanical properties and characteristics. The interrelation-
ships between the drive dynamic response and internal delay times of SI are
shown in Fig. 6-14 ”Timing when exceeding the limit value for SG”.

6.5.1 Speed monitoring, encoder limit frequency

When SBH/SG is active in a configuration with a 1--encoder, the speed is moni-

tored to ensure that it does not exceed a maximum encoder limit frequency. An
appropriate alarm is output if this limit is exceeded.

Encoder limit frequency

The encoder limit frequency is 500 kHz. When the encoder limit frequency in SG is
exceeded, the SG--specific parameterized stop is initiated.

Note
Monitoring against a limit frequency of 500 kHz is not performed for DRIVE--CLiQ
encoders.

© Siemens AG 2015 All Rights Reserved

6-152 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.5 Safely reduced speed (SG)

6.5.2 Selecting/deselecting safely reduced speed

Selecting SG
The following SGEs are used to select SG:

Table 6-11 Selecting/deselecting SG

SGE
SBH/SG SBH Meaning
deselection deselection
=1 x SBH and SG are deselected
=0 =0 SBH is selected
(see Chapter 6.2, ”Safe operating stop (SBH)”
=0 =1 SG is selected
Note: x --> Any signal state

Note
The actual status of the function is displayed using the SGA ”SBH/SG active” and
SGA ”SBH active”.
Before activating the SG function it must be ensured that the speed of the
axis/spindle is lower than the selected speed limit value. If it is higher, an alarm is
generated that causes the drive to be shut down.
The SGEs and SGAs are described in Chapter 7.1 ”Safety--related input/output
signals (SGE/SGA)”.

Selecting speed limit values

The maximum permissible speed of an axis/spindle in the setting--up mode is
defined for individual machine types in the C Standards (product standards). The
machine manufacturer is responsible for ensuring that the correct speed limit value
is selected depending on the operating mode and the application.
The required speed limit is selected as follows by combining the following SGEs:

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-153
Safety functions integrated in the system/drive 10/15
6.5 Safely reduced speed (SG)

Table 6-12 Selecting speed limit values for SGs

SGE
SG selection SG selection Meaning
Bit 1 Bit 0
=0 =0 Speed limit value for SG1 active
=0 =1 Speed limit value active for SG2 1)
=1 =0 Speed limit value for SG3 active
=1 =1 Speed limit value active for SG4 1)
Note:
1) The SG limit values SG2 and SG4 can be finely graduated using the SG override
(see Chapter 6.5.4, ”Override for safely reduced speed”.
The active SG stage is displayed using SGA ”SGA active bit 0” and ”SGA active bit 1”.

Changeover of speed limits

A changeover from a lower to a higher speed limit value takes effect instanta-
neously without any delay.
When changing--over from a higher to a lower limit value, then a delay time is
started that is parameterized using the machine data
(see Fig. 6-13, ”Timing when changing--over from a higher to a lower speed limit”).
for 840D sl:
MD36951 $MA_SAFE_VELO_SWITCH_DELAY
for SINAMICS S120:
p9551 SI Motion SLS(SG) changeover delay time (Control Unit) /
The axis/spindle must be braked sufficiently during the delay time so that it has
reached the reduced speed that is below the new limit value when the delay time
expires. However, if the actual speed is higher than the new limit value when the
time has expired, an appropriate alarm is output with the configurable stop
response.

© Siemens AG 2015 All Rights Reserved

6-154 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.5 Safely reduced speed (SG)

v
SG1
a) Braking is started
V1

SG2
V2

t
SGEs
for SG1
SGEs
for SG2
Delay time, speed changeover

SG1 is active SG2 is active

Braking time
Timer is active

Figure 6-13 Timing when changing--over from a higher to a lower speed limit

Deselecting SG
The SG function can be deselected at any speed by activating the SGE ”SBH/SG
deselection”.

Warning
! The delay time must also be selected as a function of the distance to the
hazardous location. The speeds to be taken into account (speed at which
hands/arms are moved to appropriately arrange protective devices/guards) are
specified in Standard DIN EN ISO 13855.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-155
Safety functions integrated in the system/drive 10/15
6.5 Safely reduced speed (SG)

6.5.3 Effects when the limit value is exceeded for SG

Configurable stop response

When the selected speed limit value is violated, a stop response configured in the
following machine data/parameters is generated:
for 840D sl:
MD36961 $MA_SAFE_VELO_STOP_MODE
MD36963 $MA_SAFE_VELO_STOP_REACTION[n]
for SINAMICS S120:
p9561 SI Motion SLS (SG) stop response (Control Unit)
p9563[0...3] SI Motion SLS (SG)--specific stop response (Control Unit)

Note
S An alarm is displayed (for 840D sl: 27011, for SINAMICS S120: F01714). After
the cause of the fault has been removed, the alarm can be acknowledged with
RESET. The monitoring function is then again active.
S Depending on the selected monitoring clock cycle, the dynamic drives may
cause a brief increase in speed on the monitored axis/spindle before the stop
response sequence starts.
S For traversing modes which use a transformation with singularity points
(e.g. 5--axis transformation and TRANSMIT), relatively high axis--specific
speeds occur at these points. These speeds can initiate stop responses even
though the Cartesian motion of the tool center point (TCP) is below the
selected speed limit value.
The monitoring functions provided by SI are basically axis--specific. This means
that it is not possible to directly monitor the TCP.

© Siemens AG 2015 All Rights Reserved

6-156 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.5 Safely reduced speed (SG)

Timing when the limit value is exceeded

When the safely reduced speed function is active, then the timing is as follows
when the limit value is violated:

c) Start of the
n Limit value stop response
exceeded
b)
SG
Error case
a)
n act

t1

t
t2 not to scale

t3
t4 t6

t5
t7

Figure 6-14 Timing when the limit value is exceeded for SG

Table 6-13 Explanation of the figure

Time Explanation
t1 The position control clock cycle, defined by the following MDs:
MD10050 $MN_SYSCLOCK_CYCLE_TIME
MD10060 $MN_POSCTRL_SYSCLOCK_TIME_RATIO
t2 Monitoring clock cycle, defined by the following MDs:
for 840D sl:
MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
for SINAMICS S120:
r9500 SI Motion monitoring clock cycle (Control Unit)
t3 Time between an error occurring and a limit value being reached
t4 Time until a limit value violation is detected
(typical 1 monitoring clock cycle, maximum 1.5 monitoring clock cycles + 1 position controller
clock cycle)
t5 Response time required to initiate the configured stop response
(typical 2 monitoring clock cycles, maximum 2.5 monitoring clock cycles + 1 position controller
clock cycle)
t6 Time until the stop response that was initiated starts
(STOP A: typical 2 ms, maximum 3 position controller clock cycles + 8 ms)
(STOP B/C: typical 2 position controller clock cycles, maximum 2 position controller clock cycles)
(STOP D/E: typical 2 interpolation clock cycles, maximum 2 interpolation clock cycles + 2 monito-
ring clock cycles)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-157
Safety functions integrated in the system/drive 10/15
6.5 Safely reduced speed (SG)

Table 6-13 Explanation of the figure, continued

Time Explanation
t7 Time required to bring the axis to a standstill.
This time and thus the residual distance traveled by the axis is determined by the axis design
(motor, mass, friction, ...) and the configured stop response (STOP C is faster than STOP D).
Note:
Each axis must be measured during commissioning (start--up) to determine the distance that it travels
between the limit switch being violated and it coming to a standstill.

Configurable SG specific stop responses

Using the configurable SG--specific stop response, a suitable braking behavior can
be set for every SG stage in--line with the application when the particular speed
limit value is exceeded.
For example, when:
SETTING--UP, the SG stage SG2 can be active with the configured stop response
STOP C and
in the AUTOMATIC mode, the SG stage SG4 with the configured stop response
STOP D.

Activation
The function is active, if MD / parameter 36961/p9561
$MA_SAFE_VELO_STOP_MODE = 5 / SI Motion SLS (SG) stop response
(Control Unit) = 5.

Setting the configurable SG--specific stop responses

The SG--specific stop responses can be set using the following machine data:
for 840D sl:
MD36963 $MA_SAFE_VELO_STOP_REACTION[n]
for SINAMICS S120:
p9563[0...3] SI Motion SLS(SG)--specific stop response (Control Unit)

© Siemens AG 2015 All Rights Reserved

6-158 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.5 Safely reduced speed (SG)

6.5.4 Override for safely reduced speed

General information
16 SG override stages for the limit values of safely reduced speeds 2 and 4 can be
entered using SGEs. This means that the limit values for SG2 and SG4 can be
more finely graduated.
Using the following machine data, an override stage can be assigned factors of
between 1 and 100%:
for 840D sl:
MD36932 $MA_SAFE_VELO_OVR_FACTOR[n]
for SINAMICS S120:
p9532[0...15] SI Motion SLS (SG) override factor (Control Unit)

Application example
For grinding applications, the limit value for the safely reduced speed can be
adjusted to the variations in the grinding wheel peripheral speed using the SG
override.

Activation
The following prerequisites must be fulfilled before the function can be used:
S Function enable via MD36901 / parameter p9501
$MA_SAFE_FUNCTION_ENABLE, bit 5 / SI Motion enable, safety functions,
bit 5
S The SBH/SG function is enabled via MD36901/parameter p9501:
$MA_SAFE_FUNCTION_ENABLE, bit 0 / SI Motion enable, safety functions
(Control Unit), bit 0
S The required SGEs ”SG override selection bits 3, 2, 1, 0” have either been
completely or partially configured
S The SG override factors in the corresponding MD36932 / parameter p9532
have been entered: $MA_SAFE_VELO_OVR_FACTOR[n] / p9532[0...15] SI
Motion SLS (SG) overridefaktor (Control Unit)
S Safely reduced speed 2 or 4 has been activated

Changing--over an SG override
SG override values are changed--over subject to the same conditions as those that
apply to speed limit values.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-159
Safety functions integrated in the system/drive 10/15
6.5 Safely reduced speed (SG)

Table 6-14 Changing--over SG override stages

Switchover Description
From lower to higher Instantaneous
From higher to lower The time parameterized using MD36951/p9551 is started. The
axis/spindle must be braked within this delay time.
Note: See Chapter 6.5.2, ”Selecting/deselecting safely reduced speed”

Note
Changing between SGEs ”SG override selection, bits 3, 2, 1, 0” continuously and
quickly may initiate a STOP F.

Selecting an SG override
The active speed limit value (SG1, 2, 3 or 4) is selected using SGEs ”SG selection
bits 1 and 0”. The desired override is selected by combining SGEs ”SG override
selection bits 3, 2, 1 and 0”. The override is only effective for the speed limit value
for SG2 and SG4.

Table 6-15 Selecting the SG override for safely reduced speed

SGE
SG SG SG SG SG SG Meaning
selec- selec- override override override override
tion tion selection selection selection selection
Bit 1 Bit0 Bit 3 Bit 2 Bit 1 Bit 0
=0 =0 x x x x Speed limit value for SG1
active
=0 =1 =0 =0 =0 =0 Speed limit value for SG2
active with override stage 0
-- ” -- =0 =0 =0 =1 ... with override stage 1
-- ” -- =0 =0 =1 =0 ... with override stage 2
-- ” -- =0 =0 =1 =1 ... with override stage 3
-- ” -- =0 =1 =0 =0 ... with override stage 4
-- ” -- =0 =1 =0 =1 ... with override stage 5
-- ” -- =0 =1 =1 =0 ... with override stage 6
-- ” -- =0 =1 =1 =1 ... with override stage 7
-- ” -- =1 =0 =0 =0 ... with override stage 8
-- ” -- =1 =0 =0 =1 ... with override stage 9
-- ” -- =1 =0 =1 =0 ... with override stage 10
-- ” -- =1 =0 =1 =1 ... with override stage 11
-- ” -- =1 =1 =0 =0 ... with override stage 12

© Siemens AG 2015 All Rights Reserved

6-160 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.5 Safely reduced speed (SG)

Table 6-15 Selecting the SG override for safely reduced speed, continued

SG SG SG SG SG SG Meaning
selec- selec- override override override override
tion tion selection selection selection selection
Bit 1 Bit0 Bit 3 Bit 2 Bit 1 Bit 0
-- ” -- =1 =1 =0 =1 ... with override stage 13
-- ” -- =1 =1 =1 =0 ... with override stage 14
-- ” -- =1 =1 =1 =1 ... with override stage 15
=1 =0 x x x x Speed limit value for SG3
active
=1 =1 =0 =0 =0 =0 Speed limit value for SG4
active with override stage 0
-- ” -- =0 =0 =0 =1 ... with override stage 1
-- ” -- =0 =0 =1 =0 ... with override stage 2
-- ” -- =0 =0 =1 =1 ... with override stage 3
-- ” -- =0 =1 =0 =0 ... with override stage 4
-- ” -- =0 =1 =0 =1 ... with override stage 5
-- ” -- =0 =1 =1 =0 ... with override stage 6
-- ” -- =0 =1 =1 =1 ... with override stage 7
-- ” -- =1 =0 =0 =0 ... with override stage 8
-- ” -- =1 =0 =0 =1 ... with override stage 9
-- ” -- =1 =0 =1 =0 ... with override stage 10
-- ” -- =1 =0 =1 =1 ... with override stage 11
-- ” -- =1 =1 =0 =0 ... with override stage 12
-- ” -- =1 =1 =0 =1 ... with override stage 13
-- ” -- =1 =1 =1 =0 ... with override stage 14
-- ” -- =1 =1 =1 =1 ... with override stage 15
x: Signal status is optional since override values are not effective for SG1 and SG3

Configuring NCK--SGE
NCK--SGEs (override selection bits 3, 2, 1, 0) are configured using the following
machine data:
for 840D sl:
MD36978 $MA_SAFE_OVR_INPUT[n]
(input assignment for override selection)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-161
Safety functions integrated in the system/drive 10/15
6.5 Safely reduced speed (SG)

Defining SG override factors

The following machine data are used to define the SG override factors themselves
(percentage values):
for 840D sl:
MD36932 $MA_SAFE_VELO_OVR_FACTOR[n]
for SINAMICS S120
p9532[n] SI Motion SLS (SG) override factor (Control Unit)

6.5.5 Example: Override for safely reduced speed

Task
When safely reduced speeds are selected, the speed limit values must be set as
follows.

Table 6-16 Application example of how override is used for safely reduced speed

SGE SG SGE override Effective speed limit value

selec- selection
tion
Bit Bit Bit Bit Bit Bit Assumptions for the example
1 0 3 2 1 0
0 0 x x x x Limit value 1 1000 mm/min
0 1 0 0 0 0 Limit value 2 with override stage 0 100 % = 2000 mm/min
-- ” -- 0 0 0 1 Limit value 2 with override stage 1 80 % = 1600 mm/min
-- ” -- 0 0 1 0 Limit value 2 with override stage 2 50 % = 1000 mm/min
-- ” -- 0 0 1 1 Limit value 2 with override stage 3 30 % = 600 mm/min
1 0 x x x x Limit value 3 4000 mm/min
1 1 0 0 0 0 Limit value 4 with override stage 0 100 % = 5000 mm/min
-- ” -- 0 0 0 1 Limit value 4 with override stage 1 80 % = 4000 mm/min
-- ” -- 0 0 1 0 Limit value 4 with override stage 2 50 % = 2500 mm/min
-- ” -- 0 0 1 1 Limit value 4 with override stage 3 30 % = 1500 mm/min
Notes:
x: Signal status is optional since override values are not effective for SG1 and SG3
SGEs ”SG override selection bit 3 and bit 2” are not required to select an SG override -- i.e. they do not
need to be configured (they are internally set to ”0”).

© Siemens AG 2015 All Rights Reserved

6-162 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.5 Safely reduced speed (SG)

Assumptions for the example

S Defining the SGEs in the NCK monitoring channel
I/O number for signal SG selection, bit 1: --> OUTSI[13]
I/O number for signal SG selection, bit 0: --> OUTSI[14]
I/O number for signal override, bit 1: --> OUTSI[17]
I/O number for signal override, bit 0: --> OUTSI[18]

Defining machine data

Table 6-17 Supplying the MD for the velocity limit values

for 840D sl for SINAMICS S120

Limit value MD number Value Parameter No. Value
SG1 36931[0] 1000 p9531[0] 1000
SG2 36931[1] 2000 p9531[1] 2000
SG3 36931[2] 4000 p9531[2] 4000
SG4 36931[3] 5000 p9531[3] 5000

Table 6-18 Supplying the MD for the SGE

Signal Assignment
SGE MD number Value
SG selection, bit 1 36972[1] 0401010D
SG selection, bit 0 36972[0] 0401010E
SG override selection, 36978[1] 04010111
bit 1
SG override selection, 36978[0] 04010112
bit 0

Table 6-19 Supplying the MD for the override factors

Override for 840D sl for SINAMICS S120

MD number Value Parameter No. Value
0 36932[0] 100 p9532[0] 100
1 36932[1] 80 p9532[1] 80
2 36932[2] 50 p9532[2] 50
3 36932[3] 30 p9532[3] 30

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-163
Safety functions integrated in the system/drive 10/15
6.6 Safe speed range identification ”n<nx”

6.6 Safe speed range identification ”n<nx”

The safe speed range detection function ”n<nx” (SGA ”n<nx”) is used to safely
detect the speed range of a drive. The speed range detection is evaluated on a
user--for--user basis, e.g. in so much that a protective door can only be re--enabled
if a spindle that is running--down has fallen below a certain speed.
The status signal ”n<nx” is generated through two channels. For this purpose, each
monitoring channel compares the actual velocity with a velocity limit that can be
adjusted via machine data (MD36946 $MA_SAFE_VELO_X) -- and resulting from
this, the SGA ”n<nx” is set or deleted.
The result of this monitoring function is exchanged between the NCK and drive
monitoring channels and crosswise compared. In order that brief dynamic devia-
tions of the actual velocity between the monitoring channels does not result in an
error being initiated in the crosswise data comparison, a tolerance band is defined
in which the crosswise data comparison does not immediately result in the above
mentioned alarm. Alarm 27001 or 27106 is only output and the appropriate stop
response initiated when the velocity deviation between the two monitoring chan-
nels is so large that this tolerance is exceeded (this corresponds to the behavior for
the crosswise monitoring of the results to compare the actual position with the
output cam positions).
The machine data $MA_SAFE_VELO_X is subject to a crosswise data
comparison.
The function can be deactivated by writing the value of 0.0 to MD
$MA_SAFE_VELO_X.

6.6.1 Base function ”n<nx”

If a value greater than 0.0 is parameterized in machine data $MA_SAFE_VELO_X,

then safe speed range detection ”n< nx” is generally enabled.
An extension of the basic functionality ”n< nx” is possible by setting bit 16 in
MD36901 $MA_SAFE_FUNCTION_ENABLE: ”Synchronization, filtering, and
hysteresis ”n< nx”. This extension is described in detail in Chapter 6.6.2.
For the basic function ”n<nx”, the following speed monitoring is performed:
If the absolute actual velocity exceeds the limit value set in machine data
$MA_SAFE_VELO_X, then the SGA ”n<nx” is deleted. If the absolute actual
velocity drops below the set limit value, then SGA ”n<nx” is set again.

© Siemens AG 2015 All Rights Reserved

6-164 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.6 Safe speed range identification ”n<nx”

MD36942 $MA_SAFE_POS_TOL is used as tolerance for the crosswise com-

parison. Alarm 27001 or 27106 is only output and the appropriate stop response
initiated when the velocity deviation between the two monitoring channels is so
large that this tolerance is exceeded.

+n +n
nx+posTol
nx

--nx

--nx --posTol
t
Tolerance range
Actual speed for crosswise
data comparison SGA ”n<nx”
SGA ”n<nx” = 1

Figure 6-15 n<nx value ranges

Defining nx
The speed limit nx is defined using the following MD / following parameters:
for 840D sl:
MD36946 $MA_SAFE_VELO_X
for SINAMICS S120:
p9546 SI Motion SSM (SGA n<nx) speed limit (CU)

Response time and error responses

Typical response time for n<nx:
1 interpolation clock cycle + 2 monitoring clock cycles
Maximum response times: 1 position controller clock cycle + 5.5 monitoring clock
cycles + 2 interpolation clock cycles + 3 PLC cycles

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-165
Safety functions integrated in the system/drive 10/15
6.6 Safe speed range identification ”n<nx”

Warning
! A STOP F (displayed using Alarms 27001, 27101 and onwards or F01711) only
results in a subsequent STOP B/A response, if at least one of the safety--related
functions SBH, SG, SE, SN or n<nx synchronization is active or selected. If only
the function ”n<nx” is active, then a STOP F does not result in a subsequent STOP
B/A response.
This means that if ”n<nx” is used as a safety function, then at least one of the
SBH, SG, SE or SN functions must be active or selected (e.g. by selecting a high
SG stage).

Note
If the axis/spindle runs at a speed nx, then as a result of actual differences in the
two monitoring channels, the SGA ”n<nx” can have different states.
This must be taken into account in the safe processing of the SGAs.

6.6.2 Function ”Synchronization, hysteresis and filtering n<nx”

As a result of actual value differences (2--encoder system) in the two monitoring

channels, static or dynamic differences can occur at the SGA ”n<nx”, which makes
it very difficult to externally further process the signals. This is the reason that the
”n<nx” signals of the two monitoring channels associated with the NCK and the
drive are synchronized before further processing.
In addition, a hysteresis is implemented to prevent the SGA ”nx” from continually
switching as a result of slight speed fluctuations around the threshold ”n<nx”. For
actual value fluctuations, for example caused by mechanical vibration at the
machine, SGA ”n<nx” is kept stable by filtering the speed actual value.
In order to be able to use the ”Synchronization, hysteresis and filtering” function,
bit 16 must be set in machine data $MA_SAFE_FUNCTION_ENABLE. The speci-
fied 3 functions can only be enabled together. Further, the speed monitoring func-
tion n<nx must always be activated by a value greater than 0.0
For 840 D sl:
MD36946 $MA_SAFE_VELO_X
for SINAMICS S120:
p9546 SI Motion SSM (SGA n<nx) speed limit (CU)

© Siemens AG 2015 All Rights Reserved

6-166 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.6 Safe speed range identification ”n<nx”

The following diagram shows possible different speed characteristics in the NCK
and drive, and the effect of synchronization and hysteresis on the SGA ”n<nx”.
Tol = $MA_SAFE_VELO_X_HYSTERESIS
Speed characteristic NCK
+n
Speed characteristic, drive
nx

nx tol

--nx+Tol
--nx

SGA ”n<nx” (NCK)

with
hysteresis

SGA ”n<nx” (DRV)

with
hysteresis

SGA ”n<nx”
with hysteresis
synchronized

Tolerance range: SGA ”n<nx” stage dependent on the SGA in the last monitoring cycle

SGA ”n<nx” =1

Figure 6-16 n<nx value range with synchronization and hysteresis

CDC tolerance
As tolerance in the crosswise data comparison for the extended nx functionality,
machine data $MA_SAFE_POS_TOL is not used, but instead
for 840D sl:
MD36947 $MA_SAFE_VELO_X_HYSTERESIS
for SINAMICS S120:
p9547 SI Motion SSM (SGA n<nx) speed hysteresis (CU)
This MD defines the maximum permissible velocity tolerance between the two
monitoring channels, and during ramp--up, a plausibility check is made to the
speed limit set in $MA_SAFE_VELO_X. In this case, the following must apply:
$MA_SAFE_VELO_X_HYSTERESIS ± 3/4 $MA_SAFE_VELO_X,

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-167
Safety functions integrated in the system/drive 10/15
6.6 Safe speed range identification ”n<nx”

otherwise, Alarm 27033 ”Axis %1 parameterization of MD

$MA_SAFE_VELO_X_HYSTERESIS invalid, error code %4” is issued. A cross-
wise data comparison error is only detected when the velocity deviation between
the two monitoring channels is greater than the tolerance in
$MA_SAFE_VELO_X_HYSTERESIS; Alarm 27001 or 27106 is then output and
the corresponding stop response is started.
The machine data $MA_SAFE_VELO_X_HYSTERESIS is subject to a crosswise
data comparison.

Hysteresis
Similarly, the new machine data 36947 $MA_SAFE_VELO_X_HYSTERESIS is
used to determine the magnitude of the hysteresis. As a result of the hysteresis,
the switching point of the SGA ”n<nx” changes as a function of the speed. As a
consequence, the SGA ”n<nx” no longer precisely switches at the speed limit ”nx”,
but instead, either at the nx threshold or at the nx threshold tolerance depending on
the SGA stage in the last monitoring cycle.

Tol = $MA_SAFE_VELO_X_HYSTERESIS
SGA ”n<nx”
--nx + tol

nx -- tol
--nx

nx

Figure 6-17 Hysteresis SGA ”n<nx”

The SGA ”n<nx” can therefore never have the value 1 at a speed greater than ”nx”!

Filtering
Filtering is realized using a PT1 filter with the filter time from
for 840D sl:
MD36945 $MA_SAFE_VELO_X_FILTER_TIME
for SINAMICS S120:
p9545 SI Motion SSM (SGA n < nx) filter time (Control Unit)
and is also performed in the two monitoring channels, NCK and drive.

© Siemens AG 2015 All Rights Reserved

6-168 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.6 Safe speed range identification ”n<nx”

If filtering is not necessary due to low system vibration levels or is impractical, it

can be deactivated by setting MD $MA_SAFE_VELO_X_FILTER_TIME to the
value 0.
MD $MA_SAFE_VELO_X_FILTER_TIME and the smoothed actual velocity value
with the tolerance from MD $MA_SAFE_VELO_X_HYSTERESIS are subject to
crosswise data comparison.
The smoothed, safe actual value of the NCK is also available in the servo trace.

Note
By parameterizing a filter time not equal to 0, the reaction time of the SGA ”n<nx”
increases according to the behavior of a PT1 filter.
The maximum time delay of the SGA ”n<nx” for a linear velocity increase/
decrease corresponds to the filter time parameterized in MD 36945.
Example:
Filter time = 20 ms => The parameterized nx limit is reached with a max. delay of
20 ms. Accordingly the SGA n<nx is also set to delay.
The maximum time delay of the SGA ”n<nx” for an erratic speed increase/
decrease corresponds to 3 times the filter time parameterized in MD36945.
Example:
Filter time = 20 ms => The parameterized nx limit is reached with a max. delay of
60 ms. Accordingly the SGA n<nx is also set to delay.

Synchronization
The synchronization of the SGA ”n<nx”, just like cam synchronization, is not per-
formed between the NCK and drive due to possible telegram failures (see Chapter
6.8.1), but instead, between the NCK and PLC by AND’ing the SGA ”n<nx”.
In order to ensure that a monitoring channel does not continuously return a 0 -- and
hence the SGA ”n<nx” would permanently remain at 0 -- SGA ”n<nx” is subject to a
crosswise data comparison between the NCK and drive and checked for plausibi-
lity.
For the display of the SGA ”n<nx” in the service screen and servo trace, the
following applies:
The value displayed in the SGA word contains the information from the relevant
monitoring channel including the hysteresis that is applied, but without synchroni-
zation.
If the actual value synchronization function in $MA_SAFE_FUNCTION_ENABLE,
bit 3 is enabled, then the velocity tolerance slip with velocity tolerance ”n<nx” must
be checked for plausibility. If the velocity tolerance ”n<nx” is less than the slip
tolerance, then Alarm 27033 ”Axis %1 parameterization of MD
$MA_SAFE_VELO_X_HYSTERESIS invalid, error code %4” is issued.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-169
Safety functions integrated in the system/drive 10/15
6.6 Safe speed range identification ”n<nx”

Warning
! A STOP F (displayed using Alarms 27001, 27101 and onwards or F01711) only
results in a subsequent STOP B/A response, if at least one of the safety--related
functions SBH, SG, SE, SN or synchronization, hysteresis and filtering ”n<nx” is
active or has been selected. If only the function ”n<nx” is active, then a STOP F
does not result in a subsequent STOP B/A response.
This means that if ”n<nx” is used as a safety function, then at least one of the
SBH, SG, SE or SN functions must be active or selected (e.g. by selecting a high
SG stage).

© Siemens AG 2015 All Rights Reserved

6-170 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.7 Safe software limit switches (SE)

6.7 Safe software limit switches (SE)

Note
The function ”safe software limit switches” (SE) is also known as ”safe limit
positions”.

Description
The ”safe software limit switches” function (SE) can be used to implement protec-
tive functions for operating personnel and machinery or working zone/protection
zone delimination for specific axes. For example, this function can replace hard-
ware limit switches.
Two ”safe software limit switches” (SE1 and SE2) are available for each axis. If the
SE function is active, limit switch position pair SE1 or SE2 can be selected as a
function of SGE ”SE selection”.

Defining the upper and lower limit values

The position limit values for the software limit switch position pairs 1 and 2 are
defined in the following machine data:
for 840D sl:
MD36934 $MA_SAFE_POS_LIMIT_PLUS[n]
MD36935 $MA_SAFE_POS_LIMIT_MINUS[n]
for SINAMICS S120:
p9534[n] SI Motion SLP (SE) upper limit values (Control Unit)
p9535[n] SI Motion SLP (SE) lower limit values (Control Unit)

Note
The upper and lower position limit values must be selected so that when the axis
is traversing in this direction, the software limit switches -- that are used as
standard -- are first reached.

Features
The most important features include:
S Software limit switches are safely defined and evaluated as a software function
S Configurable stop response when software limit switches are passed
S The stop response is implemented internally in the software (and is therefore
faster than a hardware limit switch response) when software limit switches are
passed (i.e. actuated)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-171
Safety functions integrated in the system/drive 10/15
6.7 Safe software limit switches (SE)

Preconditions
The following prerequisites must be fulfilled for the ”safe software limit switches”
function:
S The ”safe software limit switches” function must be enabled
S The axis/axes must have been safely referenced (user agreement)
S SGE ”SE selection” must be supplied (configured) in both channels

Warning
! ”Safe software limit switches” are only effective if the user agreement has been
given.
During the time in which the measuring system of the machine axis is switched off,
it is not permissible that the axis is mechanically moved. Otherwise this results in
an offset between the last buffered actual position and the real actual position of
the machine axis. This would lead to an incorrect synchronization of the measuring
system resulting in danger to personnel and machine.
If axis motion cannot be prevented mechanically in the shutdown state, either an
absolute encoder must be used or the axis must be referenced again with
reference point approach after switching on.

6.7.1 Effects when an SE responds

Warning
! The SE function does not predictively monitor the SW (software) limit switches.
This means that the axis stops after passing the limit position. The distance
traveled after the SE is dependent on:
-- How the function was parameterized (monitoring clock cycle, stop response,
...)
-- The actual speed
-- The design of the axis

© Siemens AG 2015 All Rights Reserved

6-172 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.7 Safe software limit switches (SE)

Configurable stop responses

When a ”safe software limit switch” is passed, then a stop response, which can be
configured using the following machine data, is generated:
for 840D sl:
MD36962 $MA_SAFE_POS_STOP_MODE
for SINAMICS S120:
p9562 SI Motion SLP (SE) stop response (Control Unit)
The user can select either STOP C, D or STOP E.

Effect
S The configured stop response is initiated
S The relevant alarm is displayed

Acknowledging and moving away

1. Withdraw the user agreement (SE is no longer active) or changeover to another
SE.
2. Acknowledge the stop and alarm response.
3. Bring the axis into a range in which the monitoring no longer responds.

Timing when the safe software limit switches are actuated

If the ”safe software limit switches” function is active, the system timing is as
follows when the software limit switches are actuated (passed):

n
a) the end position is passed
nact

t2

t1
t
not to scale
t5
t3
t4

t6

Figure 6-18 Timing when a software limit switch is actuated

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-173
Safety functions integrated in the system/drive 10/15
6.7 Safe software limit switches (SE)

Table 6-20 Explanation of the figure

Time Explanation
t1 The position control clock cycle, defined by the following MDs:
for 840D sl:
MD10050 $MN_SYSCLOCK_CYCLE_TIME
MD10060 $MN_POSCTRL_SYSCLOCK_TIME_RATIO
t2 Monitoring clock cycle, defined by the following MDs:
for 840D sl:
MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
for SINAMICS S120:
p9500 SI Motion monitoring clock cycle (Control Unit)
t3 Delay until the configured stop response is output
(typical 0.5 monitoring clock cycles, maximum 1 monitoring clock cycle + 1 position controller
clock cycle)
t4 Time until the configured stop response becomes effective
(typical 1.5 monitoring clock cycles, maximum 2 monitoring clock cycles + 1 position controller
clock cycle)
t5 Time until the stop response that was initiated actually starts
STOP C: typical 2 position controller clock cycles, maximum 2 position controller clock cycles
STOP D/E: typical 2 interpolation clock cycles, maximum 2 interpolation clock cycles + 2 moni-
toring clock cycles
t6 Time required to bring the axis to a standstill.
This time and thus the residual distance traveled by the axis is determined by the axis design
(motor, mass, friction, ...) and the configured stop response (STOP C is faster than STOP D).
Note:
Each axis must be measured during commissioning (start--up) to determine the distance that it travels
between the limit switch being violated and it coming to a standstill.

© Siemens AG 2015 All Rights Reserved

6-174 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.8 Safety software cams and safety cam track (SN)

6.8 Safety software cams and safety cam track (SN)

Description
The ”safe software cams” function (SN) can be used to implement safe electronic
cams, safe range detection or working zone/protection zone delimination for spe-
cific axes, thereby replacing the hardware solution.

Warning
! The enabled cam signals are immediately output when the control system is
powered--up, this output is however only safe after safe referencing (this is
signaled using the SGA ”Axis safely referenced”).
The cams are only considered as being safe if they were safely referenced. This is
the reason that the user must interlock this SGA with the cam SGA.
During the time in which the measuring system of the machine axis is switched off,
it is not permissible that the axis is mechanically moved. Otherwise this results in
an offset between the last buffered actual position and the real actual position of
the machine axis. This would lead to an incorrect synchronization of the measuring
system resulting in danger to personnel and machine.
If axis motion cannot be prevented mechanically in the shutdown state, either an
absolute encoder must be used or the axis must be referenced again with
reference point approach after switching on.

Features
The most important features include:
S Cam positions are safely defined and evaluated as a software function
S Working ranges/zones are defined

Tolerance for SN
Owing to variations in the clock cycle and signal run times (signal propagation
times), the cam signals of the two monitoring channels do not switch simulta-
neously and not precisely at the same position. A tolerance bandwidth can there-
fore be specified for all cams using the following machine data/parameters. Within
this bandwidth, the signal states for the same cam may be different in the two
monitoring channels.
for 840D sl:
MD36940 $MA_SAFE_CAM_TOL
for SINAMICS S120:
p9540 SI Motion SCA (SN) tolerance (Control Unit)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-175
Safety functions integrated in the system/drive 10/15
6.8 Safety software cams and safety cam track (SN)

Note
The lowest possible tolerance bandwidth (less than 5--10 mm) should be selected
for the ”safe software cams” function. It makes sense to parameterize the cam
tolerance greater than or equal to the actual value tolerance.

Effects when SN responds

Warning
! When defining cam positions, please note that the function only monitors the
actual position thus making (predictive) sensing of cam signals impossible.
The cams are only considered as being safe if they were safely referenced. This is
the reason that the user must link this SGA in the SPL with the corresponding
SGA of the cam functionality.

Response times
S Response times without cam synchronization
typical 1 interpolation clock cycle + 1.5 monitoring clock cycles
mMaximum 1 position controller clock cycle + 4 monitoring clock cycles +
2 interpolation clock cycles + 3 PLC cycles
S Response times with cam synchronization
typical 1 interpolation clock cycle + 2.5 monitoring clock cycles
maximum 1 position controller clock cycle + 5 monitoring clock cycles +
2 interpolation clock cycles + 3 PLC cycles

6.8.1 Safe software cams (4 cam pairs)

Note
If more than 4 cam pairs are required, then the ”safe cam track” function must be
used (refer to Chapter 6.8.2, ”Safe cam track”).

Description
There are 4 pairs of cams (SN1, SN2, SN3, SN4) available for each axis. Each
cam pair consists of a plus cam (SN1+, SN2+, SN3+, SN4+) and a minus cam
(SN1--, SN2--, SN3--, SN4--). Each cam signal can be individually enabled and
configured via machine data. The cam signals are output via SGAs.

© Siemens AG 2015 All Rights Reserved

6-176 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.8 Safety software cams and safety cam track (SN)

Preconditions
The following prerequisites must be fulfilled for the ”safe software cams” function:
S The axis/axes must have been safely referenced (user agreement)
S The safe cams must be configured:
The required cams are enabled using machine data
for 840D sl:
36901 $MA_SAFE_FUNCTION_ENABLE, bits 8...15 and parameter
for SINAMICS S120:
p9501 SI Motion enable safety functions, bits 8...15
SGA assignment is defined using machine data
for 840D sl:
36988 $MA_SAFE_CAM_PLUS_OUTPUT[n] and
36989 $MA_SAFE_CAM_MINUS_OUTPUT[n]

Defining the cam positions

The cam positions are defined in the following machine data/parameters:
for 840D sl:
MD36936 $MA_SAFE_CAM_POS_PLUS[0...3]
MD36937 $MA_SAFE_CAM_POS_MINUS[0...3]
for SINAMICS S120:
p9536[n] SI Motion SCA (SN) plus cam position (Control Unit)
p9537[n] SI Motion SCA (SN) minus cam position (Control Unit)

Special case for SN

If the axis is positioned precisely at the parameterized cam position, the cam
signals may have different states owing to system--related variations in the actual
values between the two monitoring channels.
This must be taken into account when safely processing the cam signals, e.g. by
filtering the different signal states by means of a logic circuit (see ”Synchronizing
cam signals”).

Synchronizing cam signals

As a result of system--related actual value differences, the cam signals of the
monitoring channels can have different states. In order to prevent this, the cam
synchronization can be activated. This rounds off the results of both channels.
The cam SGAs at the input position of the SPL are synchronized if the user has
parameterized this using the function enable.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-177
Safety functions integrated in the system/drive 10/15
6.8 Safety software cams and safety cam track (SN)

Cam signal synchronization is enabled using the following machine data /

parameters:
for 840D sl:
MD36901 $MA_SAFE_FUNCTION_ENABLE, bit 7
for SINAMICS S120:
p9501 SI Motion enable safety functions (Control Unit), bit 7
The cam SGAs including the hysteresis, but without synchronization are displayed
in the service screen and servo trace.

Hysteresis of cam SGAs

When cam synchronization is activated, cam signals are output with a hysteresis
that takes into account the approach direction (see Fig. 6-19, ”Hysteresis of the
cam SGAs”). This helps to prevent the SGAs from ”flickering” if the axis is
positioned exactly on the cam.
The magnitude of the hysteresis is determined by the following data:
for 840D sl:
MD36940 $MA_SAFE_CAM_TOL
(tolerance for safe software cams)
for SINAMICS S120:
p9540 SI Motion SCA (SN) tolerance (Control Unit)

Cam position
s
SGA = 1

SGA = 0

Tolerance
for safe
cams

Figure 6-19 Hysteresis of the cam SGAs

If the cam is incorrectly/inadmissibly parameterized, then this is indicated by

Alarm 27033.

© Siemens AG 2015 All Rights Reserved

6-178 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.8 Safety software cams and safety cam track (SN)

Warning
! As a result of the cam hysteresis, for increasing actual values, the cams SGA do
not switch at the configured cam position (SN) but at the position increased by the
cam tolerance (hysteresis) (SN+TOL).
Users must carefully take this into consideration when configuring the cam
positions and cam tolerance.

Safe software cams for endlessly turning rotary axes

For rotary axes with cams, the modulo range (cam actual value range) can be set
using the following machine data/parameters:
for 840D sl:
MD36902 $MA_SAFE_IS_ROT_AX
for SINAMICS S120:
p9502 SI Motion axis type (Control Unit)
for 840D sl:
MD36905 $MA_SAFE_MODULO_RANGE
for SINAMICS S120:
p9505 SI Motion SCA (SN) modulo value (Control Unit)
The cam actual value range should be selected as wide as the modulo display of
the safe actual value.
For rotary axes, the modulo display of safe actual values is selected and parame-
terized using the following machine data:
for 840D sl:
MD30300 $MA_IS_ROT_AX
MD30320 $MA_DISPLAY_IS_MODULO
MD30330 $MA_MODULO_RANGE

Limiting the cam positions

When parameterizing the cam positions, the following conditions close to the
modulo limits must be maintained.
When cam synchronization is not active:
S -- Mod_Pos + Pos_Tol < SN_Pos < Mod_Pos -- Pos_Tol
When cam synchronization is active:
S -- Mod_Pos + Pos_Tol + Cam_Tol < SN_Pos < Mod_Pos -- Pos_Tol -- Cam_Tol
Meanings:
Pos_Tol: Actual value tolerance
MD36942 $MA_SAFE_POS_TOL for 840D sl
p9542 SI Motion actual value comparison tolerance (crosswise) (Control Unit) for
SINAMICS S120

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-179
Safety functions integrated in the system/drive 10/15
6.8 Safety software cams and safety cam track (SN)

Cam_Tol: Cam tolerance

MD36940 $MA_SAFE_CAM_TOL for 840D sl
p9540 SI Motion SCA (SN) tolerance (Control Unit) for SINAMICS S120
Mod_Pos: Lower/upper modulo value:
MD36905 $MA_SAFE_MODULO_RANGE for 840D sl
p9505 SI Motion SCA (SN) modulo value (Control Unit) for SINAMICS S120
SN_Pos: Cam position:
MD36936 $MA_SAFE_CAM_POS_PLUS[n] for 840D sl
p9536 SI Motion SCA (SN) plus cam position (Control Unit) for SINAMICS S120
MD36937 $MA_SAFE_CAM_POS_MINUS[n] for 840D sl
p9537 SI Motion SCA (SN) minus cam position (Control Unit) for SINAMICS S120
When booting, the parameterization (parameter assignments) are checked in each
monitoring channel. In the case of parameterization errors (a condition is not ful-
filled), Alarm 27033 or F01687 is output after the control has been booted.

6.8.2 Safe cam track

Description
The ”safe cam track” function is used as an alternative to safe cams (refer to
Chapter 6.8.1). The user has 4 cam tracks at his disposal. Up to 15 cams can be
evaluated on a cam track. A total of 30 cams are available. The information as to
which cam of a cam track is presently active is saved in the SGA ”cam range”
(4 bits for each cam track) and can together with the SGA ”cam track” be evalua-
ted in the safe programmable logic (SPL).
Further, the cams are available as SGA safe cam range bits.

Preconditions
The following prerequisites apply to the ”safe cam track” function:
S The axis/axes must have been safely referenced (user agreement)
S Either the ”safe cams” function or the ”safe cam track” function may only be
used alternatively, i.e. simultaneous enable in the machine data or parameters
MD36903 $MA_SAFE_CAM_ENABLE / p9503 SI Motion SCA (SN) enable
(Control Unit) and
MD36901 $MA_SAFE_FUNCTION_ENABLE / p9501 SI Motion enable safety
functions (Control Unit)
is not permissible and results in the alarm 27033 / C01681 ”Invalid parameteri-
zation”.

© Siemens AG 2015 All Rights Reserved

6-180 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.8 Safety software cams and safety cam track (SN)

S The modulo function is not supported. If the ”safe cam track” function is ena-
bled and a value > 0 entered in the MD36905 $MA_SAFE_MODULO_RANGE /
p9505 SI Motion SCA (SN) modulo value (Control Unit), then alarm 27033 ”Axis
%1 parameterization of the MD $MA_SAFE_REFP_STATUS_OUTPUT[0] inva-
lid, error code %4” is output with a reference to $MA_SAFE_MO-
DULO_RANGE.
S The safe cams must be configured:
The required cams are enabled using machine data
for 840D sl:
36903 $MA_SAFE_CAM_ENABLE, bits 0...29 and parameter
for SINAMICS S120:
p9503 SI Motion SCA (SN) enable (Control Unit), bits 0...29
SGA assignment is defined using machine data
for 840D sl:
36988 $MA_SAFE_CAM_PLUS_OUTPUT[n] and
36989 $MA_SAFE_CAM_MINUS_OUTPUT[n]

Defining the cam positions

The cam positions are defined in the following machine data/parameters:
for 840D sl:
36936 $MA_SAFE_CAM_POS_PLUS[0...29]
36937 $MA_SAFE_CAM_POS_MINUS[0...29]
for SINAMICS S120:
p9536[0...29] SI Motion SCA (SN) plus cam position (Control Unit)
p9537[0...29] SI Motion SCA (SN) plus cam position (Control Unit)

Note
The minus position of cam x must be less than the plus position of cam x,
otherwise alarm 27033 ”Invalid parameterization” is output. For an incorrect
parameterization, also alarm F01686 ”SI Motion: Cam position parameterization
not permissible” of the drive is also output.

Assignment, cam to cam track

The cams defined in $MA_SAFE_CAM_POS_PLUS[0...29] and
$MA_SAFE_CAM_POS_MINUS[0...29] are assigned to a cam track as follows:
for 840D sl:
36938 $MA_SAFE_CAM_TRACK_ASSIGN[0...29]
for SINAMICS S120:
p9538[0...29] SI Motion cam track assignment (Control Unit)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-181
Safety functions integrated in the system/drive 10/15
6.8 Safety software cams and safety cam track (SN)

Value range:
100...114 = cam range 0...14 at cam track 1
200...214 = cam range 0...14 at cam track 2
300...314 = cam range 0...14 at cam track 3
400...414 = cam range 0...14 at cam track 4
The ”hundreds” position defines which cam track is assigned to the cams. The
”tens” and ”ones” positions contain the numerical value that is signaled to the SPL
as SGA ”cam range”.
Please note:
S It is not possible to assign a cam a multiple number of times to several tracks.
A multiple assignment only functions if an additional cam is parameterized with
the same cam position and assigned to another cam track.
S Cam positions can be freely assigned to a cam range.
S Cams that have not been assigned do not appear on the cam track.
S The cams on a cam track must not overlap.
S The cams on a cam track must have a certain minimum length.
S The cams on a cam track must have a certain minimum distance between
them.

Evaluation of the parameterization

For the evaluation, the following checks are made (for the NCK and drive):
S If $MA_SAFE_CAM_ENABLE > 0, then $MA_SAFE_FUNCTION_ENABLE, bit
8--15 must be = 0.
S If $MA_SAFE_CAM_ENABLE > 0, then it is not permissible that the enable bit
for cam synchronization is set (($MA_SAFE_FUNCTION_ENABLE, bit 7 = 0)
S Modulo cams are not permissible ($MA_SAFE_MODULO_RANGE must be 0 if
$MA_SAFE_CAM_ENABLE > 0).
S Checking the cam length:
$MA_SAFE_CAM_POS_PLUS[0...29] -- $MA_SAFE_CAM_POS_MINUS[0...29] >=
$MA_SAFE_CAM_TOL + $MA_SAFE_POS_TOL
S Checking the distance between 2 cams on a cam track:
$MA_SAFE_CAM_POS_MINUS[y] -- $MA_SAFE_CAM_POS_PLUS[x] >=
$MA_SAFE_CAM_TOL + $MA_SAFE_POS_TOL

S It is not permissible to parameterize two cams on the same track and range:
Example:
$MA_SAFE_CAM_TRACK_ASSIGN[2] = 205;
$MA_SAFE_CAM_TRACK_ASSIGN[5] = 205;
As a consequence, it is not possible to assign more than 15 cams to a cam
track.

© Siemens AG 2015 All Rights Reserved

6-182 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.8 Safety software cams and safety cam track (SN)

S If a cam is enabled in $MA_SAFE_CAM_ENABLE, then it must also be

assigned.
If a violation is determined when making these checks, then alarm 27033 ”Parame-
terization invalid” / F01686 ”SI Motion: Cam position parameterization not permissi-
ble” is output.
The generation of the new cam SGA is shown in Fig. 6-20:

Parameterization example for SGA ”cam track” and ”cam range”

SGA ”cam track” / SGA ”cam range”

15

SGA ”cam range” for

cam track 2
5

2
SGA ”cam track 2”
1
Position

SN2-- SN2+ SN6-- SN6+ SN3-- SN3+ SN8-- SN8+ SN1-- SN1+

Figure 6-20 SGA ”cam track” and ”cam range”

Note
The traversing range for rotary axes must lie within +/--2048 revolutions. This
corresponds to the value range of the safety--related actual value.

Parameterization example for Fig. 6-20:

Enabling the cams SN1, SN2, SN3, SN6, SN8:
$MA_SAFE_CAM_ENABLE = 0xA7 (0000 0000 0000 0000 0000 0000 1010 0111);
Parameterizing the cam positions for the cams that have been enabled:
S SN1
$MA_SAFE_CAM_POS_PLUS[0] = 480
$MA_SAFE_CAM_POS_MINUS[0] = 455
S SN2
$MA_SAFE_CAM_POS_PLUS[1] = 120
$MA_SAFE_CAM_POS_MINUS[1] = 80
S SN3
$MA_SAFE_CAM_POS_PLUS[2] = 320
$MA_SAFE_CAM_POS_MINUS[2] = 300

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-183
Safety functions integrated in the system/drive 10/15
6.8 Safety software cams and safety cam track (SN)

S SN6
$MA_SAFE_CAM_POS_PLUS[5] = 200
$MA_SAFE_CAM_POS_MINUS[5] = 170
S SN8
$MA_SAFE_CAM_POS_PLUS[7] = 380
$MA_SAFE_CAM_POS_MINUS[7] = 350
Parameterizing the cam range assignment:
(all cams that have been enabled are assigned to cam track 2)
S $MA_SAFE_CAM_TRACK_ASSIGN[0] = 201
(cam SN1 is assigned cam range 1)
S $MA_SAFE_CAM_TRACK_ASSIGN[1] = 203
(cam SN2 is assigned cam range 3)
S $MA_SAFE_CAM_TRACK_ASSIGN[2] = 202
(cam SN3 is assigned cam range 2)
S $MA_SAFE_CAM_TRACK_ASSIGN[5] = 204
(cam SN6 is assigned cam range 4)
S $MA_SAFE_CAM_TRACK_ASSIGN[7] = 205
(cam SN8 is assigned cam range 5)

Behavior of the SGA

The SGA ”cam track” is the OR logic operation of all individual cams on a cam
track. If an axis is at a cam on a cam track, then the SGA of this cam track is set
to 1. Together with the SGA ”cam range”, information is available as to which cam
is presently active.
The SGA ”cam range” starts at the lower end of the traversing range with the
range of the 1st cam -- assigned in $MA_SAFE_CAM_TRACK_ASSIGN[n] -- on
this cam track, i.e. in this case ”3”. At the upper end after the last cam on this cam
track, the range SGA is set to ”15”. The transition of the range to the next value is
realized when moving in the positive direction always at the falling edge of an indi-
vidual cam.
The enable machine data as well as all cam limit values and range assignments
are compared crosswise between the NCK and drive.
The user can use the following to connect to the SPL interface ($A_INSI /
$A_OUTSI)
-- SGA ”cam track” MD37900
$MA_SAFE_CAM_TRACK_OUTPUT[0...3] and for the
-- SGA ”cam range”, MD37901--37904:
$MA_SAFE_CAM_RANGE_OUTPUT_1/2/3/4[0...3] and for the
-- SGA ”cam range bits”, machine data 37906--37909
$MA_SAFE_CAM_RANGE_BIN_OUTPUT_1/2/3/4[0...14].
Specified machine data follow the generally valid rules when assigning the safety--
related inputs/outputs.

© Siemens AG 2015 All Rights Reserved

6-184 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.8 Safety software cams and safety cam track (SN)

Warning
! In the case of a fault, SGAs can assume a value of ”0” (e.g. as a result of the cam
synchronization between monitoring channels, loss of the safety--related
referencing etc.). The user must take this into account so that when the SGAs are
further processed, in a fault condition, no unsafe (hazardous) machine states can
occur (that means, for example, safety door enabling only with value ”1”).
Further, the SGAs ”cam range” may only be evaluated as supplementary
information to SGA ”cam track”. It is not permissible to evaluate the SGA ”cam
range” alone without evaluating the SGA ”cam track”.

Hysteresis of cam SGAs

The hysteresis is applied both to the SGA ”cam track” as well as to SGA ”cam
range” to prevent signal flutter. This means the SGAs are therefore generated as
follows in the two monitoring channels, NCK and drive:

SGA ”cam track” / SGA ”cam range”

15

SGA ”cam range”

4

2
SGA ”cam track 2”
1

Position
SN2-- SN2-- SN2+ SN2+ SN6-- SN6-- SN6+ SN6+

+ tol +tol + tol + tol

Figure 6-21 SGA ”cam track” and ”cam range” with hysteresis

Warning
! As a result of the cam hysteresis, for increasing actual values, the cams SGA do
not switch at the configured cam position (SN) but at the position increased by the
cam tolerance (hysteresis) (SN+TOL).
Users must carefully take this into consideration when configuring the cam
positions and cam tolerance.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-185
Safety functions integrated in the system/drive 10/15
6.8 Safety software cams and safety cam track (SN)

Synchronization
The synchronization of the cam SGA is carried out between the NCK and PLC.
Both the SGA ”cam track” as well as the SGA ”cam range” must be synchronized.
The SGA ”cam track” is synchronized by AND’ing the two signals from the NCK
and drive monitoring channels. The logic operation is carried out for all 4 cam posi-
tions.
The 4--bit SGA ”cam range” (value range 0...15) is synchronized according to the
following rule:
If the SGA ”cam range” as well as the SGA ”cam track” is different in both moni-
toring channels and the SGA ”cam track” of its own channel has a value of ”1”,
then the SGA ”cam range” of the other channel must be used.

Alternative evaluation of the cam signals

In order to simplify the evaluation of cam signals, the cam signals ”cam track” and
”cam range”, generated from the axis monitoring channels NCK and drive can be
mapped to 15 ”cam range bits” for each cam track (for the cam ranges 0 ... 14).
The ”cam range bits” are generated by logically combining the ”cam track” and
”cam range” signals in the NCK and in the PLC. If the axis is positioned at a cam,
then the cam range bit of the cam range assigned to this cam is set to 1.
The SGA ”cam track”, ”cam range” and ”cam range bit” are shown in the Fig. 6-22
using an example:

© Siemens AG 2015 All Rights Reserved

6-186 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Safety functions integrated in the system/drive
6.8 Safety software cams and safety cam track (SN)

SGA ”cam range” for cam track 2

15

1
Position

1 SGA ”cam track 2”

0
SN2-- SN2+ SN6-- SN6+ SN3-- SN3+ SN8-- SN8+

1 SGA ”cam range bit [2]” for

cam track 2
0

1 SGA ”cam range bit [3]” for

cam track 2
0

1 SGA ”cam range bit [4]” for

cam track 2
0

1 SGA ”cam range bit [5]” for

cam track 2
0

Figure 6-22 SGA ”cam track” and ”cam range”

Explanation
S Cam SN2 is assigned to track 2 by parameterizing cam range 3
($MA_SAFE_CAM_TRACK_ASSIGN[1] = 203). If the axis is at cam SN2,
SGA ”cam range bit [3]” (index 3 stands for cam range 3) is set to 1.
S Cam SN6 is assigned to track 2 by parameterizing cam range 4
($MA_SAFE_CAM_TRACK_ASSIGN[5] = 204). If the axis is at cam SN6,
SGA ”cam range bit [4]” (index 4 stands for cam range 4) is set to 1.
S ...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 6-187
Safety functions integrated in the system/drive 10/15
6.8 Safety software cams and safety cam track (SN)

Space for your notes

© Siemens AG 2015 All Rights Reserved

6-188 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Connecting Sensors/Actuators 7
7.1 Safety--relevant input/output signals

7.1.1 Overview of the SGEs/SGAs and their structure

Description
The safety--related input and output signals (SGEs and SGAs) are the interface of
the internal Safety Integrated functionality to the process.
SGE signals (safety--related input signals) control the active monitoring by dese-
lecting or selecting the safety functions. This is realized, among other things,
depending on the status (switching status) of sensors and transmitters.
SGA signals (safety--related output signals) are feedback signals from safety func-
tions. They are, among other things, suitable for controlling actuators in a safety--
related fashion.

Processing I/O signals for the NC and drive through two channels
A two--channel structure is used to input/output and process safety--related input/
output signals (refer to Figure 7-1 ”NCK and drive monitoring channel”). All of the
requests and feedback signals for safety--related functions should be entered or
retrieved through both monitoring channels (two--channel structure).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-189
Connecting Sensors/Actuators 10/15
7.1 Safety--relevant input/output signals

External Internal
SGE/SGA SGE/SGA

NCK signal processing Interface

F--Send/Receive--DP
NCK-- NCK--SGE/ Comparator

PROFIsafe or
SPL SGA
signals Data
Machine
NCK monitoring channel
comm. SPL-- Axis
CDC CDC CDC

Drive monitoring channel

PROFIsafe
F--Send/Receive--DP

NC--/PLC Comparator
or
interface:
F_SENDDP/
PROFIsafe or

Bus PLC--
F_RECVDP SPL Axis/
Data
spindle DB

PLC signal processing Interface

Process System

Figure 7-1 NCK and drive monitoring channel

For the NCK monitoring channel, signals are input/output via the SPL -- possibly
processed by the NCK (see Chapter 7.1.5 ”Multiple distribution and multiple inter-
locking”) and emulated (mapped) in the NCK--SGE/SGA interface.
The signals from the drive monitoring channel are input/output via the SPL and
sent to the drive via the interface axis/spindle DB.
Internal SGE/SGA (interface to the various axis--specific safety functions) are, e.g.
selecting and deselecting safety functions, changing--over limit values, output of
status signals. They are defined for the particular Safety Integrated functions.
Sensors -- e.g. switches, pushbuttons, protective door contacts, emergency stop
buttons, light curtains, laser scanners -- are connected to the external SGE (inter-
face to the process, i.e. to the machine). Actuators -- e.g. load contactors, valves,
interlocking solenoids -- are connected to the external SGA. The connection is
established through the PROFIsafe I/O, also see Chapter 7.2. Generally, a brake is
directly connected at the Motor Modules via terminals.
The external and internal SGE/SGA are freely interlocked (logically combined) by
the user using the safe programmable logic (SPL), also see Chapter 7.5.
Crosswise data comparison is implemented between the monitoring channels that
operate independently of one another. If there is inequality, then a STOP F is initia-
ted (CDC between the drive and NCK).

© Siemens AG 2015 All Rights Reserved

7-190 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.1 Safety--relevant input/output signals

A STOP D/E is triggered for an SPL--CDC error. SGE/SGA are set into the safe
state if an error is detected by the communication CDC.

Note
As a result of the two--channel structure of Safety Integrated, the machine
manufacturer must supply the SGE and SGA in both the NCK monitoring channel
and the drive monitoring channel.
The actual signal state of the SGE/SGA is displayed using the ”Service display”
menu. Information regarding Safety Integrated data with the associated axis
names and the axis number are displayed in the ”Service SI” window.

For Safety Integrated, SGEs/SGAs are coupled via the PROFIsafe profile using
standard PROFIBUS and PROFINET buses based on standard network compo-
nents. See Chapter with 7.2 ”Connecting I/O via PROFIsafe”. Internal SGE/SGA
signals are accessed via the SPL (see Chapter 7.5).
For instance, the following can be requested or signaled in each monitoring
channel and for each/spindle with safety technology using SGE/SGA signals:
S Safety functions can be selected and deselected
S Limit values can be selected and changed--over
S States relating to safety operation can be fed back

Features
S SGE and SGA signals are processed through two channels
S Processed in the NCK monitoring channel
S Processed in the drive monitoring channel
S Safety functions are selected/deselected independent of the NC mode
S Differences in the active SGE/SGA in the monitoring channels are detected in
the crosswise data/result comparison
The access to SGE/SGA signals is described in Chapter 7.2 ”Connecting I/O via
PROFIsafe”, Chapter 7.4 ”Safety--related CPU--CPU communication” and Chapter
7.5 ”Safe programmable logic (SPL)”.

Warning
! The state of a deleted SGE/SGA (logical ”0”) that can be achieved both by the
user as well as also using fault responses of the ”SINUMERIK Safety Integrated”
system, are defined as so--called ”fail--safe state” of an SGE/SGA. This is the
reason that the system is only suitable for applications where this state
corresponds to the fail--safe state of the process controlled by ”SINUMERIK
Safety Integrated”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-191
Connecting Sensors/Actuators 10/15
7.1 Safety--relevant input/output signals

Which SGE/SGA are there?

For each axis/spindle, the following SGE and SGA are in each monitoring channel:

SBH/SG deselection
SBH deselection
SG selection, bit 0, 1
SE selection
SGE Ratio selection, bits 0, 1, 2
Test stop selection (drive)
Close brake (drive)
SG correction selection, bits 0, 1, 2, 3 SBH/SG
ext. STOP A deselection SE
ext. STOP C deselection SN
ext. STOP D deselection
ext. STOP E deselection

SBH/SG active
Axis safely referenced
SGA SN1--, SN2--, SN3--, SN4--
SN1+, SN2+, SN3+, SN4+
Safe cam tracks 1, 2, 3, 4
Safe cam range for cam track 1, bits 0--3
Safe cam range for cam track 2, bits 0--3
Safe cam range for cam track 3, bits 0--3
Safe cam range for cam track 4, bits 0--3
Cam range bits per bit 0--15 for cam tracks 1, 2, 3, 4

n < nx
SG active, bits 0, 1
SBH active
Status, pulses cancelled (drive)
STOP A/B active
STOP C active
STOP D active
STOP E active

Figure 7-2 SGE and SGA in every monitoring channel for each axis/spindle

Note
The SGE/SGA signals are described in Chapter 8.6, ”Description of Interface
signals”.

© Siemens AG 2015 All Rights Reserved

7-192 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.1 Safety--relevant input/output signals

NCK--SGE/SGA
The signals are assigned to the NCK--SPL inputs/outputs using machine data.

Note
Only the NCK--SGE are assigned to an NCK--SPL output that are also required for
the particular application. For axes, where for example, the gear ratio does not
change, the NCK--SGE ”ratio selection bit 2 to 0” do not have to be assigned to
SPL inputs. A value of 0 should be entered into the associated MD (i.e. the
NCK--SGE does not have an SPL assignment and is set to 0). This does not apply
to external STOPs that are not used.

PLC--SGE/SGA
For the drive monitoring channel, the NC/PLC interface (axis/spindle DB) repre-
sents the SGE/SGA interface between the PLC and the drive. The PLC user pro-
gram must supply this interface.

Note
Only the PLC--SGE should be processed in the PLC user program that are also
required for the particular application. SGE that are not used must be set to the
value 0 -- i.e. to a defined state. This does not apply to external STOPs that are
not used.
See Chapter 6.3.9 ”Forced checking procedure of the external STOPs” for
information about SGE/SGA for the test stop for external stops.

How many SGE/SGA are required as a minimum?

Depending on the particular application, only some of the maximum number of
SGE/SGA available are required.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-193
Connecting Sensors/Actuators 10/15
7.1 Safety--relevant input/output signals

Table 7-1 Minimum SGE/SGA required

Function Minimum SGEs required Minimum SGAs required

Safe operating SBH/SG deselection SBH/SG active
stop (SBH) Test stop selection (drive) Status, pulses cancelled
External stops (drive)
STOP A/B, C, D, E active
(only if required)
if gearbox stages are being used
Gear ratio selection, bit 2 (only if it is necessary to
select the ratio)
Gear ratio selection, bit 1 (only if it is necessary to
select the ratio)
Gear ratio selection, bit 0 (only if it is necessary to
select the ratio)
Safely reduced SBH/SG deselection SBH/SG active
speed (SG) SBH deselection Status, pulses cancelled
SG selection, bit 1 (only for SG changeover) (drive)
SG selection, bit 0 (only for SG changeover) STOP A/B, C, D, E active
Test stop selection (drive) (only where required)
External stops active SG stage, bits 0, 1
if gearbox stages are being used (only where required)
Gear ratio selection, bit 2 (only if it is necessary to
select the ratio)
Gear ratio selection, bit 1 (only if it is necessary to
select the ratio)
Gear ratio selection, bit 0 (only if it is necessary to
select the ratio)
Safe software SE selection (only for SE changeover) SBH/SG active
limit switches Test stop selection (drive) Axis safely referenced
(SE) SBH/SG deselection (at least for test during Status, pulses cancelled
commissioning [start--up]) (drive)
External stops STOP A/B, C, D, E active
(only where required)
Safe software Test stop selection (drive) SBH/SG active
cams (SN) SBH/SG deselection STOP A/B, C, D, E active
(at least for test during commissioning [start--up]) (only where required)
External stops Axis safely referenced
SN1--, SN2--, ..., SN30--
(only where required)
SN1+, SN2+, ..., SN30+
(only where required)
Status, pulses cancelled
(drive)

© Siemens AG 2015 All Rights Reserved

7-194 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.1 Safety--relevant input/output signals

Different signal run times in the channels

The signal timing in the two monitoring channels varies (the PLC cycle time takes
up most of the available time in the drive monitoring channel). To prevent the
crosswise data comparison function from being immediately activated after a signal
change, a tolerance time is defined using the following machine data:
for 840D sl:
MD36950 $MA_SAFE_MODE_SWITCH_TIME
for SINAMICS S120:
p9550 SI Motion SGE changeover tolerance time (Control Unit)
This data specifies the time period for which different signal states may be toler-
ated after the SGEs have been changed--over before an error message is output.

Note
System--related minimum tolerance time
2 x PLC cycle time (maximum cycle) + 1 x IPO cycle time

7.1.2 Forced checking procedure of SPL signals

Fundamentals
Safety--related input/output signals including the connecting cables to the I/O (peri-
pherals) and the sensors and actuators connected to them must always be subject
to a forced--checking procedure (see Chapter 5.3 ”Forced checking procedure”).
The scope of the forced checking procedure should be implemented corresponding
to the subsequent conditions.
This means that the selection of a suitable forced checking procedure concept de-
pends on the specific application and the specific sensor and/or actuator; this deci-
sion must be made by the user. In this scope, the user must configure the forced
checking procedure.

SPL signals
The forced checking procedure of SPL signals is a part of the SPL functionality
(see Chapter 7.5 ”Safe programmable logic (SPL))”.
Once the external safety circuit has been wired, a two--channel SPL has been
created and the relevant safety functions configured and checked with an accep-
tance test, the long--term reliability of this function, verified using an acceptance
test, can be ensured:

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-195
Connecting Sensors/Actuators 10/15
7.1 Safety--relevant input/output signals

S External inputs/outputs
The external inputs/outputs of the SPL ($A_INSE or $A_OUTSE) must be sub-
ject to a forced checking procedure to ensure that faults do not accumulate over
a period of time which would mean that both monitoring channels could fail.
S Internal inputs/outputs
Internal inputs/outputs ($A_INSI, $A_OUTSI), markers ($A_MARKERSI) etc.
($A_TIMERSI) do not have to be subject to a forced checking procedure. It will
always be possible to detect an error at these locations due to the differing two--
channel responses of the external inputs/outputs or the NCK/drive monitoring
channels; crosswise data comparison is carried out at both ends of the re-
sponse chain to detect any errors.

Test signals
”3--terminal concept” (see Chapter 7.1.3 ”Connecting sensors -- actuators using
the 3--terminal concept”):
S If an input signal ($A_INSE)is, for example, evaluated through two channels,
the associated test output signal can be implemented using one channel. It is
extremely important that the input signal can be forced/changed and checked in
both channels.
S In the same way, the assigned test input signal for two--channel output signals
($A_OUTSE) can be implemented in one channel if it is connected according to
the following rule:
The test input signal may only return an ”OK” status (”1” signal level) if both
output signals function (i.e. both monitoring channels have output a ”0”).
A simultaneous test in both channels allows the correct functioning in both
channels to be checked using one feedback signal.

Trigger/test
The timer or event controlled triggering of the forced checking procedure is activa-
ted in one channel by the PLC.
If errors are detected, the PLC user program should respond by initiating an exter-
nal ”STOP D/E” and switching the external SGAs into a safe state.

Notes to avoid errors

1. A ”2--terminal concept” in which a single--channel net (useful) signal is to be
subject to a forced checking procedure using a single--channel test signal is
not permitted. In this case, the two--channel SPL structure would be worthless
and crosswise data comparison would have no effect.
The following are admissible:
S A ”full 4--terminal concept for sensors” (two--channel test signal for a two--
channel useful [net] signal),
S the ”3--terminal concept for sensors/actuators” recommended above

© Siemens AG 2015 All Rights Reserved

7-196 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.1 Safety--relevant input/output signals

S a ”2--terminal concept for sensors without test signals”, if the two--channel

net (useful) signal to be tested automatically changes its level dynamically
as a result of the process. For example, for the input signals of a protective
door,
S a ”2--terminal concept for sensors without test signals”, if the sensor is a
safety--related component, e.g. light curtains,
S a ”2--terminal concept for actuators without test signals”, if the actuator is a
safety--related component, e.g. safety valves,
S a ”2--terminal concept for actuators without test signals” if the feedback
signal can be checked using other useful signals. For example, for a valve
that indirectly switches a BERO via the process and this is available for
evaluation,
S a ”2--terminal concept for actuators without test signals” if the function of the
mechanical system can be checked using other useful signals. For example,
for a brake that is checked using a separate brake test.
2. The signals ”external STOPs” are processed internally in a special way:
S In order to increase the level of security that a requested ”external STOP”
actually takes effect, the STOPs are internally exchanged between the two
channels. Failure of the stop control function in one channel does not
cause an error for these signals (in contrast to the mode changeover
signals, e.g. ”SG/SBH active”) in the crosswise data comparison.
While other signals can be subject to a forced checking procedure in parallel
and in both channels (and should be -- in order to avoid errors being trigge-
red by the crosswise data comparison), the ”external STOPs” must be sub-
ject to a forced checking procedure one after the other in both channels.

7.1.3 Connecting sensors - actuators using the 3-- terminal concept

Basic principle for safety--related signal processing

With the 3--terminal concept, three terminals (signals) are required to connect a
sensor or actuator. Faults/errors in the sensors and actuators can be detected in
conjunction with the SPL--CDC and forced checking procedure or the forced
checking as a result of the process itself. The connecting cables are generally
monitored autonomously by the fail--safe I/O.
The following applies to the safety--related sensor connection:
2 safety--related inputs + 1 standard test output.
The following applies to the safety--related actuator connection:
2 safety--related outputs + 1 standard test input.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-197
Connecting Sensors/Actuators 10/15
7.1 Safety--relevant input/output signals

Example of an actuator connection

2 outputs (to control through 2 channels via SGA) and 1 standard test input (for the
forced checking procedure) are required to connect an actuator in a safety--related
fashion. The test input is the feedback signal from the load circuit and is fed from
the power supply voltage of a standard input module. The user should derive this
as directly as possible from the process quantity.
Actuator control P/M switching:
The actuator is directly controlled using a plus potential (P--switching) and minus
potential (M--switching). If the actuator is not a qualified component (safety compo-
nent or component with fault exclusion), then in the case that the actuator fails, the
user must apply additional cascaded measures in order to bring the process into a
safe condition.
Example:
The process quantity, e.g. hydraulic pressure, is switched using a standard valve
that is controlled in a safety--related fashion. A pressure sensor signals the status
of the process quantity. If the valve can no longer switch due to a fault condition,
then using a safely controlled standard contactor, the motor that is generating the
pressure, is shutdown. The advantage of this particular version is that components
can be used that are already available as standard. As to whether this solution can
be used, must be confirmed as a result of the risk assessment (see Fig. 7-3).

IM 151--1 F--DO DI PM--E F

High Feature ET 200S PROFIsafe

PROFIBUS
with PROFIsafe

Feedback signal
Pressure
sensor

When OK, only the valve

Shutdown, 24 V load
is switched. The pump
channel 1 circuit,
remains powered--up.
valve

In the case of a fault, the

feedback signal from the Shutdown, 400 V load
pressure sensor is not channel 2 circuit, motor
received, the pump motor is
Feedback signal
additionally switched.

Figure 7-3 Cascaded shutdown using fail--safe outputs

In other cases a second actuator must be connected in series in the load circuit
(see Fig. 7-4).

© Siemens AG 2015 All Rights Reserved

7-198 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.1 Safety--relevant input/output signals

In conjunction with the safety--related control of a brake, no feedback signal is

available. The brake test will identify as to whether the actuator is correctly functio-
ning from a mechanical perspective.

IM 151--1 F--DO DI
High Feature ET 200S PROFIsafe

PROFIBUS
with PROFIsafe
Electronics output -- M

24 V load Indirect position

circuit, monitoring of the load
indirect using positive--driven
400 V contacts
Feedback
signal

Electronics output -- P

Figure 7-4 Actuator connection via fail--safe outputs, e.g. 400 V load circuit -- P/M--switching

Example of connecting a sensor

2 safety--related inputs (to read--in through 2 channels via SGE) and 1 standard
test output (for the forced checking procedure) are required to connect a sensor in
a fail--safe fashion. The test output is fed from the power supply voltage of the
safety input module. For sensors with a self--test routine, the test output on the
input module is not required. For the 3--terminal connection concept we recom-
mend that sensors with non--equivalence contacts are used (NC contact/NO con-
tact). If a P or M short--circuit or broken cable at both signal cables, then a signal
state is obtained that is not logically permissible. This means, that a cross--circuit
fault can be detected by the non--equivalence concept without having to carry out
any test.

Note
Cross--circuit fault detection in the input module is not required.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-199
Connecting Sensors/Actuators 10/15
7.1 Safety--relevant input/output signals

IM 151--1 F--DI
High Feature ET 200S PROFIsafe

PROFIBUS
with PROFIsafe

VS
Non--equivalence
To activate and e.g. user contacts (NC contact/
deactivate agreement NO contact) with the
3--terminal concept

Remark: In this case, it is not possible

to connect the pushbuttons in series!

Figure 7-5 Sensor connection using fail--safe inputs according to the 3--terminal concept

7.1.4 Sensor connection using the 4-- terminal concept

For the 4--terminal concept, four terminals are required at the fail--safe input
module to connect a sensor that utilizes a contact (e.g. Emergency Stop push-
button). Faults/errors in the sensors and actuators can be detected in conjunction
with the SPL--CDC and forced checking procedure or the forced checking as a
result of the process itself. The connecting cables are generally monitored autono-
mously by the fail--safe input module.
The following applies to the safety--related sensor connection:
2 safety inputs + 2 standard test outputs

Example
2 inputs (to read--in the 2--channel sensor signals via SGE) and 2 standard test
outputs (for the forced checking procedure) are required for the fail--safe connec-
tion of a sensor. The test outputs are supplied from the two power supply voltages
(VS1, VS2) of the safety input module. For the connection concept with 4 termi-
nals, both equivalence (NC contact/NC contact, NO contact/NO contact) as well as
non--equivalence (NC contact/NO contact) contact versions are possible.

© Siemens AG 2015 All Rights Reserved

7-200 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.1 Safety--relevant input/output signals

Note
Cross--circuit fault detection in the input module is not required. Measures against
cross--circuit faults are required only for equivalence contacts (NC contact/NC
contact, NO contact/NO contact) if the cable has been routed so that it is very
exposed, e.g. for cables connecting handheld terminals. This can be mechanically
implemented in the cable, e.g. using the appropriate shielding.

IM 151--1 F--DI
ET 200S PROFIsafe
High Feature

PROFIBUS
with PROFIsafe

VS 1
VS 2 Equivalence
Two circuit e.g. contacts (NC
Closed--circuit prin-- Emergency contact/NC
ciple (deactivation) Stop contact) with
the 4--terminal
concept
VS 1
VS 2 Equivalence
Double open e.g. user contacts (NO
conductor loops agreement contact/NO
(activating) contact) with
the 4--terminal
concept

Figure 7-6 Sensor connection using the 4--terminal concept

7.1.5 Multiple distribution and multiple interlocking

Interlocking functions between the SGE/SGA are implemented in the NCK channel
in the NCK--SPL. However, in order to relieve the NCK--SPL, it is also possible to
pre--process signals between the NCK--SPL and NCK monitoring channel using
the ”multiple distribution” and ”multiple interlocking” functions.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-201
Connecting Sensors/Actuators 10/15
7.1 Safety--relevant input/output signals

Note
The multiple distribution/interlocking that can be parameterized in the NCK
machine data must be programmed by the user on the PLC side.

Processing the NCK--SGE for 840D sl (multiple distribution)

Axis--specific/spindle--specific machine data is used to define which internal SPL
output is to be used for which function and which axis/spindle. Under the condition
that certain axes/spindles belong to the same safety group, it is possible to imple-
ment multiple distribution (1 NCK--SPL output is assigned, for example, to 3 axes
with the same function). In addition, when an internal NCK--SPL output is selected
via MD, it is also possible to define whether the inverted signal is also to be pro-
cessed.

NCK--SGE/
NCK--SPL Multiple SGA Monitoring
Inversion
Inversion
OUTSI distribution interface comparators
Output 1 ... ...
Output 2 SGE ... Yes/ no for axis 1
Output x ... ...
... ... ...
... SGE ... Yes/ no for axis 2
...... ... ...
... ... ...
... SGE ... Yes/ no for axis 3
Output n ...... ...

Figure 7-7 Multiple distribution for NCK--SGE

Example
It must be possible to change over between the ”safe software limit switches” 1 or
2 for axes 1, 2 and 3 as a group using an internal NCK--SPL output (OUTSI x).
The machine data must be parameterized as follows:
Axis 1: MD36973 $MA_SAFE_POS_SELECT_INPUT = OUTSI x
Axis 2: MD36973 $MA_SAFE_POS_SELECT_INPUT = OUTSI x
Axis 3: MD36973 $MA_SAFE_POS_SELECT_INPUT = OUTSI x

© Siemens AG 2015 All Rights Reserved

7-202 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.1 Safety--relevant input/output signals

Processing the NCK--SGA for 840D sl (multiple assignment)

Axis--specific/spindle--specific machine data is used to define which SGA from
which axis/spindle must be assigned to which NCK--SPL input. It is possible to
implement a multiple assignment (SGA from several axes are assigned to 1 input)
provided that certain axes/spindles belong to the same safety group. The SGA are
then ANDed and the result output at the NCK--SPL input. In addition, when an
NCK output is selected via an MD, it is also possible to define whether the signal is
to be output in an inverted form before it is ANDed.

NCK--SGE/
NCK--SPL Multiple Inversion
Monitoring
SGA
INSI assignment comparators
interface
Input 1 ... ...
Input 2 Yes/ no SGA... for axis 1
Input x ... ...
... ... ...
...
...
& ...
Yes/ no SGA...
...
for axis 2

... ... ...

... Yes/ no SGA... for axis 3

Input n ...... ...

Figure 7-8 Multiple assignment for NCK--SGA

Example
Axes 1, 2 and 3 belong to one safety area. For these axes, the message ”axis
safely referenced” should be output at one NCK--SPL input (INSI) (this means that
the message is output at the input if the message (signal) is present for all 3 axes).
The machine data must be parameterized as follows:
Axis 1: MD36987 $MA_SAFE_REFP_STATUS_OUTPUT = INSI x
Axis 2: MD36987 $MA_SAFE_REFP_STATUS_OUTPUT = INSI x
Axis 3: MD36987 $MA_SAFE_REFP_STATUS_OUTPUT = INSI x

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-203
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

7.2 Connecting I/O via PROFIsafe

7.2.1 Function description

The fail--safe master (F master) integrated in SINUMERIK 840Dsl in conjunction

with fail--safe I/O modules (F--modules), permits fail--safe communication as spe-
cified according to the PROFIsafe profile both on PROFIBUS DP as well as on
PROFINET IO (PROFIsafe communication).
This means that the safety--related input/output signals of the process (machine)
are coupled to the Safety Integrated function ”safe programmable logic” (SPL) in
the same way for both the PLC and NCK--SPL via the particular I/O bus. Fail--safe
I/O devices can be connected via all I/O connections.

PN device ET 200S

PROFINET--IO

Ethernet PROFIBUS DP DP slave ET 200S

PN device ET 200S

Machine control panel

DP slave ET 200S
Operate

SINUMERIK 840D sl

Figure 7-9 SI I/Os using fail--safe modules connected to PROFIBUS DP

PROFIsafe
PROFIsafe is a communication profile for fail--safe data transfer between fail--safe
components based on the field buses PROFIBUS and PROFINET. This represents
an extension to the standard communication. This allows both standard compo-
nents and fail--safe components to be simultaneously operated on a PROFIBUS/
PROFINET system.
The PROFIsafe profile is characterized by the fact that communication between
the safe terminal nodes, i.e. the F--CPUs, the distributed slaves and the actuators/
sensors/field devices, uses standard PROFIBUS functions.

© Siemens AG 2015 All Rights Reserved

7-204 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

The useful (net) data of the safety function plus the safety measures are sent in a
standard data telegram. This does not require any additional hardware compo-
nents, since the protocol chips, drivers, repeaters, cables can still be used as they
are.
SINUMERIK Safety Integrated supports PROFIsafe V1 and PROFIsafe V2.
Communication profiles in accordance with IEC 61784
CP 3/1: PROFIBUS
CP 3/4: PROFINET CLASS A
CP 3/5: PROFINET CLASS B
CP 3/6: PROFINET CLASS C (IRT)
S V1 mode
This mode is designed for pure CP 3/1 networks (PROFIBUS DP).
S V2 mode
This mode has been designed for pure CP 3/4 -- CP 3/6 networks (Ethernet,
PROFINET), but can also be used for CP 3/1 networks (PROFIBUS DP).

Note
The designations F master and F slave for PROFIBUS DP are in this
documentation – also for the designations F host and the F device for PROFINET.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-205
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

7.2.2 System structure

SINUMERIK 840D sl

PLC NCK

OB1 clock cycle

IPO cycle
User level
PLC--SPL NCK--SPL

SPL--SGE/SGA SPL--SGE/SGA
DB18: INSEP/OUTSEP $A_INSE/OUTSE

Safety Integr.-- --
Safety Integr.--

PROFIsafe clock cycle

Layer Layer
PROFIsafe clock cycle

SI data SI data
Operating system level

(OB40)

PROFIsafe-- PROFIsafe--
Layer Layer

Bus interface
Comm. cycle

Communi--
cation layer

PROFIBUS/PROFINET

DP/PN I/O DP/PN I/O

(ET 200S) (ET 200S)

User communication
Safety Integrated comm. Standard DP module
PROFIsafe comm.
PROFIBUS/PROFINET comm. F modules

Figure 7-10 System structure: SI I/O using F modules connected to PROFIBUS/PROFINET

Just like Safety Integrated, the PROFIsafe system structure also has a 2--channel
diverse system design based on the PLC and NCK--PROFIsafe layer.

© Siemens AG 2015 All Rights Reserved

7-206 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

PROFIsafe communication
The principle of PROFIsafe communications between SINUMERIK 840D and the
F modules is explained in detail below. This is based on the transfer of the SPL
output data $A_OUTSE/$A_OUTSEP to the F--DO modules:
The PROFIsafe layer creates a PROFIsafe telegram (F telegram) in each
PROFIsafe cycle with the ANDed SPL output data as F useful (net) data
F net data = (OUTSEP AND $A_OUTSE)
and the backup data (CRC and the consecutive number) and transfers it to the
communication layer via the bus interface.
In each communication cycle independent of the PROFIsafe cycle, the PROFIBUS
layer transfers a telegram with a PROFIsafe telegram generated from the F layer
as user data to the slave devices.

Warning
! It is not guaranteed that simultaneous changes to individual bits in the SPL (NCK
and PLC OUTSE), which are interpreted as a contiguous associated bit pattern,
are transferred together. It is possible that the receiver briefly receives an
inconsistent bit pattern.

Configuring/parameterizing
The configuration and parameterization needed to connect the F modules to the
external NCK/PLC--SPL interfaces entails the following steps:
1. Generating the configuration using SIMATIC STEP7.
2. Performing a standard SINUMERIK 840D sl commissioning (minimum require-
ment).
3. Loading the configuration and the PLC basic and user program modules into
the SINUMERIK 840D sl PLC.
4. Parameterizing the PROFIsafe--relevant SINUMERIK 840D sl machine data.
See Chapter7.2.4”Parameterizing the F master (NCK)”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-207
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

7.2.3 Configuring and parameterizing the PROFIsafe I/O

The configuration of the PROFIBUS/PROFINET I/O connections on the PLC side

of a SINUMERIK 840D sl is defined using the Step7 component HW Config. There
are two options:
S Integrating Siemens fail--safe devices via the hardware catalog
S Integrating third--party fail--safe devices by importing the corresponding generic
station description files.
This configuration is loaded into the PLC, the PLC evaluates this data and makes
the information required for PROFIsafe communication with an F--device, available
to the NCK and PLC--side Safety system SW for further evaluation of the F device
configuration.
In addition, the NCK machine data for PROFIsafe parameterization is transferred
from the NCK to PLC. Both components evaluate this machine data and compare
the F devices, which are parameterized in this data, with the F--device configura-
tion provided from the PLC.
The information on configuring and parameterizing the PROFIsafe I/O provided in
this chapter essentially refers to the specific requirements of SIMATIC. Complete
information on configuring and parameterizing PROFIsafe components from Sie-
mens is provided in the SIMATIC Manuals:
References:
S ET 200S Distributed I/O System, Operating Instructions
(http://support.automation.siemens.com/WW/view/de/1144348)
S ET 200S Distributed I/O System Fail Safe Modules, Installation and Operation
Manual
(http://support.automation.siemens.com/WW/view/de/27235629)
S ET 200pro Distributed I/O System, Fail--Safe Modules, Operating Instructions
(http://support.automation.siemens.com/WW/view/de/22098524)
S Distributed I/O system ET 200eco, Fail--Safe I/O Modules, Operating Instruc-
tions
(http://support.automation.siemens.com/WW/view/de/19033850)
S ET 200M Distributed I/O System Fail Safe Modules, Signal Modules Installation
and Operation Manual
(http://support.automation.siemens.com/WW/view/de/19026151)
S SIMATIC ET 200SP Distributed I/O System ET 200SP System Manual
(http://support.automation.siemens.com/WW/view/de/58649293)
S SIMATIC ET 200SP Distributed I/O System ET 200SP Equipment Manual
(http://support.automation.siemens.com/WW/view/de/90157130)
S SIMATIC Safety -- Configuring and Programming, Programming and Operating
Manual
(http://support.automation.siemens.com/WW/view/de/54110126)

© Siemens AG 2015 All Rights Reserved

7-208 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

Configuration
The F I/O are configured while configuring the standard I/O bus configuration using
STEP 7.

Parameterization
Both the standard and F parameterization of the F modules is carried out using the
relevant properties dialog box of the module. Select the appropriate I/O device
(e.g. IM 151--1) in the station window and then open the properties dialog box of
the relevant F module in the detailed view.

Note
The parameter assignments specified in this chapter only refer to the ET 200
modules.

Parameters: Input/output address

The following conditions apply to the input/output addresses of an F module:
S Input address for PLC317 PN PLC 317F
S Output address = input address

F parameterization
F parameterization is realized in the properties dialog box under:

Dialog: Properties
Tab: Parameter
Parameters > F parameters

The F parameters of the PROFIsafe components are automatically set to the

F monitoring time of the HW Config and cannot be changed.
The displayed values of the F parameters
S F_source_address
S F_target_address
must be entered into the machine data to parameterize the NCK in a subsequent
parameterizing step.
The value of the F target addresses should be set at to the I/O module (F module)
using the DIL switches provided.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-209
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Note
Fail--safe modules for ET 200SP do not have DIL switches that you can use to
assign a unique F target address for each module. Instead, the F target addresses
are permanently saved using the coding elements of the fail--safe modules. For
these modules, the PROFIsafe addresses (F target addresses) can be assigned
from the Step7.
S7 Distributed Safety -- Configuring and Programming, product information
(http://support.automation.siemens.com/WW/view/de/100648623)

Warning
! The PROFIsafe addresses are for unique identification of source and target of
safety--related communications.
For pure PROFIBUS DP subnets, the following applies:
The PROFIsafe target address must be unique network--wide* and station--wide**
(system--wide).
For ET 200S, ET 200pro, ET 200M and ET 200eco, a maximum of 1022 different
PROFIsafe target addresses can be assigned.
For ET 200SP, 65534 PROFIsafe target addresses can be assigned.
* A network consists of one or more subnets. ”Network--wide” means across
subnet boundaries.
** ”Station--wide” means for a station with HW configuration (e.g. a Sinumerik
840D).

F parameters: F_source/target_address
F_source_address
The F--source--address is the decimal PROFIsafe address of the F master allo-
cated automatically by HW Config. The F_source_address is formed from the
”basis for PROFIsafe addresses” plus the PROFIBUS address of the
PROFIBUS--DP interface.

Note
To clearly define the PROFIsafe communication, the PROFIsafe address of the
F master – assigned by HW Config – must be saved in the F master. To do this,
the PROFIsafe address of the F master must be converted from decimal into
hexadecimal and entered into the machine data of SINUMERIK 840D sl. See
Chapter 7.2.4 ”Parameterizing the F master (NCK)”.

F_target_address
The F_target_address is the decimal PROFIsafe address of the F module auto-
matically allocated by HW Config (the user can change this).

© Siemens AG 2015 All Rights Reserved

7-210 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

Note
In order to parameterize the PROFIsafe communication relationships, the F
master is informed, via the PROFIsafe address of the PROFIsafe component that
this PROFIsafe component is assigned to it. To do this, the PROFIsafe address
must be converted from decimal into hexadecimal and entered into the machine
data of SINUMERIK 840D sl. See Chapter7.2.4”Parameterizing the F masters
(NCK)”.

The DIL switch setting shown corresponds to the PROFIsafe address to be set at
the DIL switch of the F module.

F parameters: F_source/target_address(PROFINET IO)

F device
The F--addresses of the F device are assigned by the user when configuring. They
must be unique within a sub--network.
Note
Sub--networks are connected through 2--port routers, which therefore also repre-
sent the natural limits of the sub--networks.
F host
The F address of the F host is the ”Basis for PROFIsafe addresses” entered as
default from STEP 7 under the ”F parameter” tab. The user can subsequently
change the F address in steps of 1000.
Valid F addressing range: 1 -- FFFEH (1 -- 65534D)

F parameters: F--monitoring time

The F monitoring time defines the maximum time that is tolerated when a PROFI-
safe component is waiting for a new F telegram from its communication partner.

Note
If the F monitoring time is configured to be shorter than the PROFIsafe monitoring
clock cycle set using the appropriate machine data, when the control runs--up an
alarm is displayed:
Alarm 27242 ”PROFIsafe: F module %1, %2 incorrect”

Parameters: DO/DI channel x

The channels of an F module are parameterized in the properties dialog box under:

Dialog: Properties
Tab: Parameter
Parameter > module parameter> DO or DI channel x

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-211
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

F--DI module
The channels of the F--DI module are mapped differently to the NCK/PLC--SPL
inputs $A_INSE/INSEP depending on the selected parameterization.
S 2v2 parameterization
For 2v2 parameterization, the process signals of both channels in the F--DI
module are combined to form one F useful (net) data signal and thus supply an
SPL input data.

SINUMERIK 840D sl
ET 200S F--DI module
Channel 0 AND
$A_INSE/INSEP[n]
Channel 1 AND $A_INSE/INSEP[n+1]
Channel 2 AND $A_INSE/INSEP[n+2]

Channel 3 AND $A_INSE/INSEP[n+3]

Channel 4

Channel 5

Channel 6
Configuration: Channel x,y = 2v2
Channel 7

Figure 7-11 2v2 mapping of the F--DI channels to SPL input data for ET 200S

S 1v1 parameterization
For 1v1 parameterization, the process signals of both channels are transferred
from the F--DI module and can thus supply 2 different SPL input data.

ET 200S F--DI module SINUMERIK 840D sl

Channel 0 $A_INSE/INSEP[n]

Channel 1 $A_INSE/INSEP[n+1]

Channel 2 AND $A_INSE/INSEP[n+2]

Channel 3 AND $A_INSE/INSEP[n+3]

Channel 4 $A_INSE/INSEP[n+4]
Channel 5 $A_INSE/INSEP[n+5]

Channel 6

Channel 7 Configuration, channel x,y = 2v2

Configuration, channel x,y = 1v1

Figure 7-12 2v2/1v1 mapping of the F--DI channels to SPL input data

© Siemens AG 2015 All Rights Reserved

7-212 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

Note
If mixed 2v2 and 1v1 parameterization is used in an F--DI module, this can reduce
the number of SPL input data $A_INSE/INSEP that can be used. This is the
reason that we recommend that 1v1 is first parameterized followed by 2v2.
If more pieces of F net data of an F--DI module are used then the number relevant
bits that can be transferred by parameterizing the channels of the F--DI module,
then the control does not recognize this.
Example:
For a 2v2 parameterization of all of the channels of the F--DI module:
-- ET 200S F, F--DI module: 4/8 F--DI 24 V DC
The 8 transferred F net data bits contain 4 relevant (bit 0 -- bit 3) and 4
non--relevant bits (bit 4 -- bit 7).

F--DO module
The NCK/PLC--SPL outputs $A_OUTSE/OUTSEP are logically combined in the
F driver to produce an F net (useful) data signal (implicit 2v2 parameterization) and
mapped to the channels of the relevant F--DO module.

ET 200S F--DO module SINUMERIK 840D sl

Channel 0 ($A_OUTSE[n] AND OUTSEP[n])

Channel 1 ($A_OUTSE[n+1] AND OUTSEP[n+1])

Channel 2 ($A_OUTSE[n+2] AND OUTSEP[n+2])

Channel 3 ($A_OUTSE[n+3] AND OUTSEP[n+3])

Figure 7-13 Mapping the SPL output data to F--DO channels

PROFIsafe clock cycle and communication cycle time

When parameterizing the PROFIsafe clock cycle to ensure a correct PROFIsafe
communication, the cyclic bus communication time must be observed. For the
PROFIBUS bus system, this time can be determined as follows:
DP cycle time
After the station has been fully configured, the DP cycle time can be determined by
activating the equidistant (isochronous) bus cycle:
Open the properties dialog box of PROFIBUS DP master of the configured station
in HW Config:

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-213
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Dialog: Properties -- DP master system

Tab: General
Subnetwork, button: Properties
Dialog: Properties -- PROFIBUS
Tab: Network settings
Button: Options
Dialog: Options
Tab: Equidistant mode
Checkbox: Activate equidistant bus cycle /
Recalculate equidistant time
(Note: Activate the equidistant bus cycle using the checkbox: ”Activate equidistant
bus cycle/recalculate equidistant time”. This can be used to determine the DP
cycle time. The equidistant bus cycle should then be deactivated again.)
Display field: Equidistant bus cycle
(Note: The value calculated by HW Config and displayed in the display field:
”Equidistant bus cycle” has the same significance as the DP cycle time)
Cancel
Cancel
Cancel
A corresponding value should be determined for the PROFINET communication
coupling.

Note
The communication cycle time is required as guideline when parameterizing the
PROFIsafe clock cycle (refer to Chapter 7.2.5 ”Parameterizing the PROFIsafe
communication (NCK)”).
The information and instructions in the online documentation should be carefully
observed before changing the communication cycle time (button: ”Help” of the
relevant dialog box).

© Siemens AG 2015 All Rights Reserved

7-214 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

7.2.4 Parameterizing the F master (NCK)

The F master is parameterized in the machine data of the NCK and comprises the
following sub areas:
S PROFIsafe communication
-- PROFIsafe address of the F master
-- PROFIsafe clock cycle
See Chapter 7.2.5 ”Parameterizing the PROFIsafe communication (NCK)”.
S SPL--SGE/SGA interface
-- PROFIsafe address of the PROFIsafe component
-- F net data filter
-- SGE/SGA assignment
SPL--SGE interface See Chapter 7.2.6 ”Parameterizing the SPL--SGE interface
(NCK)”.
SPL--SGA interface: See Chapter 7.2.7 ”Parameterizing the SPL--SGA inter-
face (NCK)”.

7.2.5 Parameterizing the PROFIsafe communication (NCK)

Fail--safe master address

In order to define a unique and clear communication relationship between F slave
and F master, in addition to the target address (PROFIsafe address of the F
slave), the source address (PROFIsafe address of the F master) must be defined.
The PROFIsafe address of the F master is entered into the following machine
data:
S MD10385 $MN_PROFISAFE_MASTER_ADDRESS[ ]
(PROFIsafe address of the F master)
Input format: 0s 00 aaaa
-- s: Bus segment information
Value range: 5 = PLC--side I/O connections
-- aaaa: Hexadecimal PROFIsafe address
F parameters F_source_address (range of values: 1...64125)
In order to be able to handle different PROFIsafe master addresses at different
bus connections (e.g. PROFIBUS, PROFINET), this MD is created as MD field so
that it is possible to parameterize several PROFIsafe master addresses.
If the same PROFIsafe master address is configured for various I/O connections,
then only this one PROFIsafe master address must be saved in the MD.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-215
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Note
The PROFIsafe address of the F master is provided under:
S HW Config > Properties dialog of the F module> F parameter:
F_source_address

PROFIsafe clock cycle

The PROFIsafe clock cycle defines the time grid in which new F telegrams are
generated by the F master for transfer to the F modules. By default, the PROFI-
safe cycle time is derived from the interpolation cycle with the ratio 1:1.
As part of the PROFIsafe communications, a cyclic interrupt of the PLC user pro-
gram (OB1) is made. This is realized in the PROFIsafe clock cycle via OB40.
In order to reduce the possible resulting computational load, machine data
S MD10098 $MN_PROFISAFE_IPO_TIME_RATIO
(factor, PROFIsafe communications clock cycle)
can be used to modify the ratio between the PROFIsafe and interpolation clock
cycle.
To achieve a sufficiently fast response time for PROFIsafe communication, the
PROFIsafe cycle time must not be set to longer than 25 ms. The selected PROFI-
safe clock cycle is displayed in the machine data:
S MD10099 $MN_INFO_PROFISAFE_CYCLE_TIME
(PROFIsafe, communications clock cycle)
If the PROFIsafe cycle time is longer than 25 ms, an alarm will be displayed the
next time the control starts up:
S Interrupt: 27200 ”PROFIsafe cycle time %1 [ms] is too long”
PROFIsafe clock cycle and DP cycle time
The PROFIsafe cycle time should be parameterized to be longer than the DP cycle
time displayed by STEP 7: HW--Config. Otherwise, the load (in time) on the PLC
user program is increased as a result of unnecessary OB40 interrupts.

Note
The PROFIsafe clock cycle should be parameterized so that the following applies:
12 ms < PROFIsafe clock cycle < 25 ms

© Siemens AG 2015 All Rights Reserved

7-216 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

PROFIsafe clock cycle overruns

Even if the parameterized software operates error--free in normal operation, run
time fluctuations in the PLC operating system (e.g. processing diagnostic alarms)
can mean that the processing of the OB40 interrupt was not able to be completed
before the start of the next PROFIsafe clock cycle.
In this particular case, the NCK attempts, up to a limit of 50 ms after the last
correctly processed PROFIsafe clock cycle, to initiate an OB40 interrupt. The
repeated attempts to initiate the OB40 interrupt are no longer executed in the
PROFIsafe clock cycle but in the IPO clock cycle.
After the 50 ms limit value is exceeded, Alarm 27253 ”PROFIsafe communication
error F master component %1, error %2” is output and the configured stop
response (Stop D or E) is initiated. PROFIsafe communication processing is
stopped. This means that the communication to F modules, type F--DO or F--DI/
DO is interrupted. PROFIsafe drivers of Type F--DI or F--DI/DO F modules that
have been stopped output fail--safe values (0) as F net data towards the SPL.
Further, an attempt is still made to initiate the OB40 interrupt and to maintain
PROFIsafe communications.
The time up to initiating the next OB40 interrupt is displayed in the following NCK
machine data:
S MD10099 $MN_INFO_PROFISAFE_CYCLE_TIME
(PROFIsafe communication clock cycle)
If the PROFIsafe clock cycle is continuously exceeded and just not sporadically,
then the following alarm is displayed:
S Interrupt: 27256 ”PROFIsafe actual cycle time %1 [ms] > parameterize cycle
time”

Distribution of the computational load on the NCK side

MD10095 $MN_ SAFE_MODE_MASK, bit 3 lists an operating mode with which
the computational load can be distributed using the PROFIsafe driver to the IPO
clock cycles, the lie in a PROFIsafe clock cycle.
If this operating mode is activated, with MD13307 $MN_PROFISAFE_IPO_
RESERVE (default value = 0), users have the option of reserving part of the IPO
clock cycles so that in these clock cycles no PROFIsafe driver is computed.
This can make sense, especially for many active PROFIsafe devices, as the
PROFIsafe processing on the PLC side makes this time necessary.
Example:
MD PROFISAFE_IPO_TIME_RATIO = 8
MD PROFISAFE_IPO_RESERVE = 3
=> in 5 of the 8 IPO cycles per PROFIsafe cycle, PROFIsafe drivers are computed
in the remaining 3 IPO clock cycles, no PROFIsafe computation is performed on
the NCK side.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-217
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Parameter assignment:
Machine data $MN_PROFISAFE_IPO_RESERVE becomes effective at power on.
If the value in $MN_PROFISAFE_IPO_RESERVE exceeds the value set in
$MN_PROFISAFE_IPO_TIME_RATIO, then Alarm 27034 ”Parameterization of
MD %1[%2] invalid” is output with the note relating to machine data
$MN_PROFISAFE_IPO_RESERVE.
Machine data bit $MN_SAFE_MODE_MASK, bit 3, to activate the modified
PROFIsafe driver sequence in the NCK, is incorporated in checksum
$MN_SAFE_GLOB_ACT_CHECKSUM[0]. Machine data
$MN_PROFISAFE_IPO_RESERVE is also incorporated in checksum
$MN_SAFE_GLOB_ACT_CHECKSUM[0].

7.2.6 parameterizing the SPL-- SGE interface

A bitwise assignment can be made using machine data to better link the SPL
interfaces to the net (useful) data of the F modules.

Symbolic name
In order to be able to display the various PROFIsafe modules in accordance with
symbols that can be specified by a machine manufacturer, using the MD fields
S $MN_PROFISAFE_IN/OUT_NAME[0...47]
it is possible to save symbolic names such as these. This name is used in the
following situations:
S Alarms: If a symbolic name for a PROFIsafe connection has been saved in the
MD mentioned, then this is displayed instead of the PROFIsafe address. This
applies to the following alarms:
27251 PROFIsafe: F module %1, %2 signals error %3 %1 = name
27254 PROFIsafe: F module %1, error on channel %2; %3<ALSI>%1 = name
27255 PROFIsafe: F module %1, general error %1 = name
27257 PROFIsafe: %1 %2 signals system error %3 (%4) %2 = name
only if %1 = ”F--module”
S Diagnostic screens: In addition to the PROFIsafe address, the symbolic name
is also displayed in the diagnostic screens.
For PROFIsafe modules that are addressed in several MD blocks (several subslots
or several SPL couplings), then the symbolic name, which is saved in the MD set
with the lowest array index, is applicable. All other connection names are ignored.
The symbolic names can be freely selected and can be a maximum of 15 charac-
ters.
Machine data that contain symbolic names are not included in any checksum
calculation. The name can therefore be changed without aligning the checksum.
The value of the machine data becomes active after a control hot restart.

© Siemens AG 2015 All Rights Reserved

7-218 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

Note
The examples, now listed, to parameterize the SPL--SGE interface are based on
the following specifications:
F--DI module
-- F address: 114 = 90H
-- F net data length: 8 bytes
Machine data
-- MD10386 $MN_PROFISAFE_IN_ADDRESS[5] = 05 00 0090
-- MD13300 $MN_PROFISAFE_IN_FILTER[5] = 000F 000F
-- MD10388 $MN_PROFISAFE_IN_ASSIGN[5] = 008 001
-- MD13308 $MN_PROFISAFE_IN_NAME[5] = PS_IN_5

Assignment: PROFIsafe component to the F master

F net data of an F--DI module is sub--divided into units each 32 bits. Each of these
32 bit units are known as sub--slots. This sub--division, for assigning the F--DI
module to the F master is expressed in the sub--slot address.
The machine data is used to assign the F--DI module to the F master:
S MD10386 $MN_PROFISAFE_IN_ADDRESS[0...47]
(PROFIsafe address of the F--DI module)
Input format: 0s 0x aaaa
-- s: Bus segment
Value range: 5 = PLC--side I/O connection
-- x: Sub--slot address
Value range: 0...2
x = 0 addresses the F net data signals 1...32
x = 1 addresses the F net data signals 33...64
x = 2 addresses the F net data signals 65...96
in the PROFIsafe telegram of the F slave
-- aaaa: Hexadecimal PROFIsafe address of the F module
Value range: 1...FFFFH

Note
The PROFIsafe address of an F module is provided in STEP7 HW Config under:
Properties dialog box of the F module > F parameters: F_target_address
The PROFIsafe address of the F module is displayed in the decimal format in HW
Config but must be entered into the machine data in the hexadecimal format.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-219
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Example
Net data of the 1st sub--slot is used to supply the SPL--SGE of the F--DI module
with the PROFIsafe address: 90H.

F net data signals: 64 33 32 1

F--DI module 2nd sub--slot [1] 1st sub--slot [0]

PROFIsafe address: 90H

Assignment of the 1st sub--slots via MD:

PROFISAFEE_IN_ADDRESS[5] = 05 00 0090H

Figure 7-14 F--DI addressing with the sub-- slot

As a result of the possibility of flexibly assigning the F net data of an F--DI module
to the SPL--SGE by combining the machine data now described (...IN_FILTER[n]
and ...IN_ASSIGN[n]), it is possible and also makes sense to use the same
PROFIsafe and sub--slot address a multiple number of times within the machine
data:
S $MN_PROFISAFE_IN_ADDRESS[0...max. Index]
Possible or would make sense.

Note
All machine data to connect an F--DI module to the SPL--SGE are associated with
one another through the common index of the machine data:
S $MN_PROFISAFE_IN_ADDRESS[Index]
S $MN_PROFISAFE_IN_FILTER[Index]
S $MN_PROFISAFE_IN_ASSIGN[Index]
S $MN_PROFISAFE_IN_NAME[Index]

F net data filter

If not all of the F net data signals of the sub--slots of an F--DI module are required
for further processing within the SPL, then the relevant F--net data signal signals
can be selected using the F--net data filter. Only these are then transferred to the
SPL--SGE.
In the output direction, the F net data filter allows the SPL--SGA ($A_OUTSE),
selected using $MN_PROFISAFE_OUT_ASSIGN[Index], to be distributed to any
F net data signals within the sub--slot.
The F net data filter is parameterized in the machine data:
S MD13300 $MN_PROFISAFE_IN_FILTER[0...47] (F net data filter IN)

© Siemens AG 2015 All Rights Reserved

7-220 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

Each F net data signal of the sub--slot is assigned to a filter bit. The filter bits of the
F net data signals, that are to be transferred to SPL--SGE, should be set to 1. The
filter bits of the F net data signals, that are not to be transferred, should be set to
0. The selected F net data signals are always transferred to the SPL--SGE as a
consecutive bit field (i.e. a bit field without any gaps).
FFFF FFFFH is the default setting of the filter. This means that all F net data
signals are transferred.
Example
8 F net data signals (bits 0...3 and bits 16...19) of the 1st sub--slot are filtered from
the F net data of the F--DI module and transferred to the SPL--SGE.
S MD10386 $MN_PROFISAFE_IN_ADDRESS[5] = 05 00 0090
S MD13300 $MN_PROFISAFE_IN_FILTER[5] = 000F 000F
S MD10388 $MN_PROFISAFE_IN_ASSIGN[5] = 008 001

32 1
NCK--SPL--SGE ($A_INSE)
MD PROFISAFEIN_ASSIGN[5] 00000000 00000000 00000000 10101010

Direction of transfer
Filter setting for the 1st sub--slot Bit31 Bit0
MD PROFISAFE_IN_FILTER[5] 00000000 00001111 00000000 00001111

Bit31 Sub--slot[0] Bit0

F net data signals Sub--slot[1] 10101010 10101010 10101010 10101010
of the F--DI module
MD POFISAFE_IN_ADDRESS[5]
Figure 7-15 Filtering the F net data signals in the input direction

SPL--SGE assignment
With this assignment, it is defined in which SPL--SGE ($A_INSE/$A_INSEP) the
seamless (without gaps) F net data selected using the F net data filter are trans-
ferred.
The assignment is made using machine data:
S MD10388 $MN_PROFISAFE_IN_ASSIGN[0...47],
(input assignment: F net data signals to $A_INSE)
Input format: aaa bbb
-- aaa: Area limit 1, SPL--SGE $A_INSE/INSEP[aaa]
-- bbb: Area limit 2, SPL--SGE $A_INSE/INSEP[bbb]

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-221
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Note
Area limits 1 and 2 are used to specify the area of the SPL input/output data to be
written to/read from via the PROFIsafe connection. The sequence in which the
upper and lower limit values are specified can be freely selected.
Example: The following data have the same significance
$MN_PROFISAFE_IN_ASSIGN[3] = 008 005
$MN_PROFISAFE_IN_ASSIGN[3] = 005 008

Example
8 F net data signals of the 1st sub--slot filtered from the F net data of the F--DI
module are transferred in the SPL--SGE from $A_INSE[1]/INSEP[1]) onwards.
S MD10386 $MN_PROFISAFE_IN_ADDRESS[5] = 05 00 0090
S MD13300 $MN_PROFISAFE_IN_FILTER[5] = 000F 000F
S MD10388 $MN_PROFISAFE_IN_ASSIGN[5] = 008 001

32 1
NCK--SPL--SGE ($A_INSE)
MD PROFISAFE_IN_ASSIGN[5] 00000000 00000000 00000000 10101010

Direction of transfer
Filter setting for the 1st sub--slot Bit31 Bit0
MD PROFISAFE_IN_FILTER[5] 00000000 00001111 00000000 00001111

Bit31 Sub--slot[0] Bit0

F net data signals Sub--slot[1] 10101010 10101010 10101010 10101010
of the F--DI module
MD PROFISAFE_IN_ADDRESS[5]

Figure 7-16 Transfer: Filtered F net data signals in SPL--SGE

© Siemens AG 2015 All Rights Reserved

7-222 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

7.2.7 Parameterizing the SPL-- SGA interface

Note
The following examples show the parameterization of the SPL--SGA interface
based on the following specifications:
F--DO module
-- F address: 256 = 100H
-- F net data length: 6 bytes
Machine data
-- MD10387 $MN_PROFISAFE_OUT_ADDRESS[3] = 05 00 0100
-- MD13301 $MN_PROFISAFE_OUT_FILTER[3] = 0000 1031
-- MD10389 $MN_PROFISAFE_OUT_ASSIGN[3] = 008 005
-- MD13309 $MN_PROFISAFE_OUT_NAME[3] = PS_OUT_3

Assignment: PROFIsafe component to the F master

The F net data of an F--DO module are sub--divided into 32--bit units. Each of
these 32 bit units are known as sub--slots. This sub--division, for assigning the
F--DO module to the F master is expressed in the sub--slot address.
The machine data is used to assign the F--DO module to the F master:
S MD10387 $MN_PROFISAFE_OUT_ADDRESS[0...47]
(PROFIsafe address of the F--DI module)
Input format: 0s 0x aaaa
-- s: Bus segment
Value range: 5 = PLC--side I/O connection
-- x: Sub--slot address
Value range: 0...2
x = 0 addresses the F net data signals 1...32
x = 1 addresses the F net data signals 33...64
x = 2 addresses the F net data signals 65...96
in the PROFIsafe telegram to the F slave
-- aaaa: Hexadecimal PROFIsafe address of the F module
Value range: 1...FFFFH

Note
The PROFIsafe address of an F module is provided in STEP7 HW Config under:
Properties dialog box of the F module > F parameters: F_target_address
The PROFIsafe address of the F module is displayed in the decimal format in HW
Config but must be entered into the machine data in the hexadecimal format.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-223
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Example
SPL--SGA are written -- as F net data -- into the 1st sub--slot of the F--DO module
with PROFIsafe address: 100H.

F net data signals: 64 33 32 1

F--DO module 2nd sub--slot [1] 1st sub--slot [0]

PROFIsafe address: 100H

Assignment of the 1st sub--slots:

..._OUT_ADDRESS[3] = 05 00 0100H

Figure 7-17 F--DO addressing with sub--slot

As a result of the possibility of flexibly assigning the F net data of an F--DO module
to the SPL--SGA by combining the machine data now described (...OUT_FIL-
TER[n] and ...OUT_ASSIGN[n]), it is possible and also makes sense to use the
same PROFIsafe and sub--slot address a multiple number of times within the
machine data:
S $MN_PROFISAFE_OUT_ADDRESS[0...max. Index]
Possible or would make sense.

Note
All machine data to connect an F--DO module to the SPL--SGA are associated
with one another through the common index of the machine data:
S $MN_PROFISAFE_OUT_ADDRESS[Index]
S $MN_PROFISAFE_OUT_FILTER[Index]
S $MN_PROFISAFE_OUT_ASSIGN[Index]
S $MN_PROFISAFE_OUT_NAME[Index]

F net data filter

The F net data filter allows the selected SPL--SGA -- without any gaps -- to
distributed across any F net data signals within the sub--slot.
The F net data filter is parameterized in the machine data:
S MD13301 $MN_PROFISAFE_OUT_FILTER[0...47] (F net data filter OUT)
Every selected SPL--SGA is assigned a filter bit in an increasing sequence. The
filter bits, which are used to transfer the SPL--SGA to the F net data signals,
should be set to 1. The filter bits of the SPL--SGA that are not to be transferred,
should be set to 0.

© Siemens AG 2015 All Rights Reserved

7-224 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

FFFF FFFFH is the default setting of the F net data filter; this means that all of the
selected SPL--SGA, are transferred from F net data signal 1 onwards (bit 0) into
the F net data of the F--DO module.

Example
4 SPL--SGA are transferred into the F net data of the 1st sub--slot of the F--DO
module corresponding to the set filter bits:
S MD10386 $MN_PROFISAFE_OUT_ADDRESS[3] = 05 01 0100
S MD13301 $MN_PROFISAFE_OUT_FILTER[3] = 0000 00F0
S MD10389 $MN_PROFISAFE_OUT_ASSIGN[3] = 008 005

32 1
NCK--SPL--SGA ($A_OUTSE)
MD PROFISAFE_OUT_ASSIGN[3] 10101010 10101010 10101010 1010 1010

Filter setting for the 2nd sub--slot Bit31 Bit0

MD PROFISAFE_OUT_FILTER[3] 00000000 00000000 00000000 1111 0000

Bit31 Sub--slot[1] Bit0

F net data signals of the 00000000 00000000 00000000 1010 0000 Sub--slot[0]
F--DO module
MD PROFISAFE_OUT_ADDRESS[3]
Figure 7-18 Filtering SPL--SGA in the output direction

SPL--SGA assignment
The assignment defines which SPL--SGA ($A_OUTSE/$A_OUTSEP) are trans-
ferred in the F net data of the F--DO module. The SPL--SGA can only be specified
as a field of output signals without any gaps (consecutive field of output signals).
The assignment is made using machine data:
S MD10389 $MN_PROFISAFE_OUT_ASSIGN[0...47],
(Output assignment: SPL--SGA to F net data signals)
Input format: aaa bbb
-- aaa: Area limit 1 SPL--SGA $A_OUTSE/OUTSEP[aaa]
-- bbb: Area limit 2 SPL--SGA $A_OUTSE/OUTSEP[bbb]

Note
Area limits 1 and 2 are used to specify the area of the SPL input/output data to be
written to/read from via the PROFIsafe connection. The sequence in which the
upper and lower limit values are specified can be freely selected.
Example: The following data have the same significance
$MN_PROFISAFE_OUT_ASSIGN[3] = 008 005
$MN_PROFISAFE_OUT_ASSIGN[3] = 005 008

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-225
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Example
From the SPL--SGA, 4 output signals $A_OUTSE/OUTSEP[5] to $A_OUTSE/
OUTSEP[8] are selected for transfer in the F net data of the F--DO module:
S MD10386 $MN_PROFISAFE_OUT_ADDRESS[3] = 05 00 0100
S MD13301 $MN_PROFISAFE_OUT_FILTER[3] = 0000 1031
S MD10389 $MN_PROFISAFE_OUT_ASSIGN[3] = 008 005

32 1
SPL--SGA ($A_OUTSE/OUTSEP)
MD ...OUT_ASSIGN[3] 10101010 10101010 10101010 10101010

Direction of transfer
Filter setting Bit31 Bit0
MD ...OUT_FILTER[3] 00000000 000000000001000000110001

F net data Bit31 Sub--slot[0]

Bit0
of the F--DO module Sub--slot[1] 00000000 0000000000010000 00010000
MD ..._OUT_ADDRESS[3]

Figure 7-19 Selecting the SPL--SGA for filtering

© Siemens AG 2015 All Rights Reserved

7-226 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

7.2.8 Module type (NCK)

The type of PROFIsafe component cannot be explicitly specified. The F master

determines the type depending on the machine data in which a PROFIsafe
address has been entered:
S $MN_PROFISAFE_IN_ADDRESS
S $MN_PROFISAFE_OUT_ADDRESS
Dependent on this, the PROFIsafe component is identified as either input, output
or bidirectional I/O module.

Table 7-2 PROFIsafe component module types

..._IN_ADDRESS ..._OUT_ADDRESS Type

F address -- Input module
-- F address Output module
F address F address Input/output module

7.2.9 Parameterizing the F master (PLC)

In the PLC, the F master does not have to be explicitly parameterized regarding
the connection of F modules.
The PLC is parameterized explicitly as follows:
S Parameterizing the NCK
S Generating and downloading the configuration

Data block DB18

Two bit arrays in data block DB 18 are used to display which INSEP/OUTSEP
bytes are only assigned to F modules as a result of the parameterization in the
NCK machine data:
S MD10388 $MN_PROFISAFE_IN_ASSIGN
S MD10389 $MN_PROFISAFE_OUT_ASSIGN
only F modules are assigned.
Data block DB18 (excerpt):
STRUCT
:
SPL_DATA:STRUCT
INSEP: ARRAY[1 ... 64] OF BOOL;
OUTSEP: ARRAY[1 ... 64] OF BOOL;
:
//external SPL input bytes (HW) with PROFIsafe slaves
INSEP_PROFISAFE: ARRAY[1 ... 8] OF BOOL;

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-227
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

//external SPL output bytes (HW) with PROFIsafe slaves

OUTSEP_PROFISAFE: ARRAY[1 ... 8] OF BOOL;
:
END_STRUCT;

7.2.10 Response times

The response times listed here refer exclusively to the internal processing of the
signals by the F master. The following apply:
S T(FDI --> DB18) or T(FD I--> SPL--INSE)
The transfer time from the input area of the F--DI module to the input interface
of the PLC--SPL or NCK--SPL
S T(DB18 --> FDO) or T(SPL--OUTSE --> FDO)
The transfer time from the output interface of the PLC--SPL or NCK--SPL to the
output area of the F--DO module.
S T(FDI --> FDO)
Sum of the transfer times from:
-- T(FDI --> DB18) or T(FDI --> SPL--INSE)
-- Processing time by the user--specific SPL program.
-- T(DB18 --> FDO) or T(SPL--OUTSE --> FDO)
The following applies for the subsequent tables of the PLC and NCK processing
times:
S Values in italics can increase by up to 50 ms due to delays in the communica-
tion path between the NCK and PLC.
S PST = 50 ms (PST = PROFIsafe clock cycle) is the permanently implemented
maximum time to detect error--free communications between the NCK and
PLC. A STOP response (STOP D/E) is initiated if this time is exceeded.
S OB1 = 150 ms is the maximum time set as standard in the PLC--CPU to moni-
tor the user level. The PLC goes into the STOP state if this time is exceeded.
S 0...m * IPO: This time component only becomes applicable if delays are in-
curred on the PLC side. In this case, in each subsequent IPO clock cycle, it is
determined as to whether the PLC is ready to communicate again.
S OB40_INT is the maximum permissible time to initiate the interrupt on the NCK
side up to execution of the PROFIsafe software and a ready signal to the NCK.
The time is mainly determined by the run time (propagation time) of the F driver
implementation on the PLC side and the PLC user program to be run--through
in the OB40 context. These times typically lie in the vicinity of a few milli-
seconds.
S The specified maximum times are theoretical values; it is extremely improbable
that they actually occur in practice.
Reason:
-- It is improbable that the run time of the PLC--F driver is delayed -- in the
OB40 context -- by the maximum time of 50 ms. The reason for this is that
the interrupting organizational blocks (OB8x) only have such long run times
in extremely few cases.

© Siemens AG 2015 All Rights Reserved

7-228 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

-- For the theoretical value, it would be necessary that two consecutive runs of
the PLC--PROFIsafe master driver in the OB40 context are delayed by the
permitted maximum of 50 ms -- this is extremely improbable.
-- The maximum time of 150 ms for the user program is not reached in any of
the applications relevant in practice.

PLC processing times

Time: T(FDI-- >DB18)

Formula 2 * PST + 1 * OB1

Maximum times 2 * 50 ms + 1 * 150 ms 250 ms

Typical times 1) 2 * 16 ms + 1 * 30 ms 62 ms

Time: T(DB18-- >FDO)

Formula 2 * PST + 1 * OB1

Maximum times 2 * 50 ms + 1 * 150 ms 250 ms

Typical times 1) 2 * 16 ms + 1 * 30 ms 62 ms

Time: T(FDI-- >FDO)

Formula 4 * PST + 2 * OB1

Maximum times 4 * 50 ms + 2 * 150 ms 500 ms

Typical times 1) 4 * 16 ms + 2 * 30 ms 124 ms

1) Typical times: PST = 16ms; OB1 = 30ms

NCK processing times: PST 2 * IPO

Time: T(FDI-- >SPL-- INSE)

Formula 2 * PST + 1 * IPO

Maximum times 2 * 50 ms + 25 ms 125 ms

Typical times 1) 2 * 16 ms + 8 ms 40 ms

Time: T(SPL-- OUTSE-- >FDO)

Formula IPO + 0...m * IPO + OB40_INT

Maximum times 25 ms + 50 ms + 50 ms 125 ms

Typical times 1) 8 ms + 2 ms 10 ms

Time: T(FDI-- >FDO)

Formula 2 * PST + 2 * IPO + 0...m * IPO + OB40_INT

Maximum times 100 ms + 50 ms + 50 ms + 50 ms 250 ms

Typical times 1) 2 * 16 ms + 2 * 8 ms + 2 ms 50 ms

1) Typical times: PST = 16ms; IPO = 8ms; OB40_INT = 2ms

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-229
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

NCK processing times: PST > 2 * IPO

Time: T(FDI-- >SPL-- INSE)

Formula 2 * PST + 1 * IPO

Maximum times 2 * 48 ms + 8 ms 104 ms 2)

Typical times 1) 2 * 18 ms + 6 ms 42 ms

Time: T(SPL-- OUTSE-- >FDO)

Formula IPO + (n--2) * IPO + 0...m * IPO + OB40_INT

Maximum times 16 ms + 48 ms + 48 ms 112 ms 2)

Typical times 1) 6 ms + 6 ms + 2 ms 14 ms

Time: T(FDI-- >FDO)

Formula 2 * PST + PST + 0...m * IPO + OB40_INT

Maximum times 100 ms + 25 ms + 50 ms + 50 ms 225 ms 3)

Typical times 1) 2 * 18 ms + 18 ms + 2 ms 56 ms

with:
PST: PROFIsafe clock cycle
PST = n * IPO; with n = 1, 2, 3, ...
1) Typical times: PST = 18 ms; IPO = 6 ms; OB40_INT = 2 ms
2)
This time is valid for the case: IPO = 8 ms, n=3 => PST = 24 ms; (maximum ti-
mes for values n > 2)
3) This time is valid for the case: PST = n * IPO = 25 ms
This information always applies for communication via PROFINET. The special
features of the various bus systems do not need to be taken into account, except
for the time, determined by the set baud rate and the bus expansion level.

© Siemens AG 2015 All Rights Reserved

7-230 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

7.2.11 Functionality of the SPL input/output data

The functionality of the SPL input/output data is exclusively defined by the user
(machinery construction OEM) within the scope of the PROFIsafe communication
The SPL programs of NCK--SPL and PLC--SPL are not executed synchronously
(from a time perspective). Brief differences in the output data of the two SPL
programs (NCK: $A_OUTSE, PLC: $A_OUTSEP) can occur due to the runtime
differences in the SPL programs.
In order that the PLC and NCK use identical F net data for the two--channel gener-
ation of a PROFIsafe telegram, the SPL output data are interchanged alternating,
between the two channels (PLC: $A_OUTSEP and NCK: $A_OUTSE) in each
PROFIsafe clock cycle and before sending, are AND’ed with one another. For
safety reasons, this is the reason that the user must select the functionality of SPL
input/output data so that the value ”0” corresponds to the safe state of the functio-
nality represented by this data. Only then can it be ensured that the corresponding
function is only activated at the F slave output if the function has actually been acti-
vated in both SPL programs (PLC--SPL and NCK--SPL).

Warning
! For safety reasons, this is the reason that the functionality of an SPL input or
output data is selected so that the value ”0” corresponds to the safe state of the
functionality represented by this data.

As a result of the synchronization of the SPL output data described above, it can-
not be ensured that when several SPL output data are changed simultaneously --
taking into account in the SPL program -- that these are also transferred con-
sistently (in time) in the PROFIsafe telegram. If, in a user application, several SPL
output data are interpreted as a contiguous bit pattern, it must therefore be taken
into account that intermediate values can briefly occur.
Example:
Three SPL output data are considered to be contiguous. The value is changed
from 101 to 110 in both SPL programs (NCK--SPL and PLC--SPL).
Values transferred in the PROFIsafe telegram:

NCK--SPL AND PLC--SPL = PROFIsafe telegram

Output value 101 & 101 = 101
Possible intermediate values 110 & 101 = 100
Final value 110 & 110 = 110

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-231
Connecting Sensors/Actuators 10/15
7.2 Connecting I/O via PROFIsafe

Warning
! Due to runtime differences in the NCK--SPL and PLC--SPL it cannot be
guaranteed that when several SPL output data are simultaneously changed that
these are then consistently transferred in the PROFIsafe telegram.

7.2.12 Functional secondary conditions

When connecting via SPL I/O using one safety--related bus (PROFIsafe), several
secondary conditions and constraints must be taken into consideration when con-
figuring and programming:
S Faults/errors in the PROFIsafe input devices (e.g. input signals that differ from
one another) cause the associated SPL input signals ($A_INSE(P)) to be dele-
ted (cleared). This initiates a STOP D/E.
S The transfer of the external SPL input signals in the DB18 interface for the
$A_INSEP variables is realized inside the system. Only one signal state for
both SPL channels is transferred to the master from the PROFIsafe input
peripherals.
S The external SPL output signals of the DB18 interface ($A_OUTSEP variables)
are transferred within the system to the relevant PROFIsafe output modules.
A signal state is transferred to the output modules via PROFIsafe.
S It may be necessary to use single--channel signals (signals that are present
only in the PLC or only in the NCK) to change over external SPL outputs (e.g.
brake control). These single--channel signals must also be made available to
the other program channel to align the logic and program synchronously. Direct
communications between the NCK and PLC--SPL via DB18 is a good way to
achieve this.
S In each PROFIsafe cycle, the PROFIsafe layer generates a PROFIsafe tele-
gram with the logically AND’ed SPL output data as F net (useful) data.

PROFIsafe components
As far as the PROFIsafe components that can be operated with a SINUMERIK
840D sl, the following limitations apply:
S PROFIsafe components with dynamic i parameters are not supported.
S The maximum possible F net data width for each PROFIsafe component is
96 bits.
S The value range for the F address of PROFIsafe component is as follows: 1 --
65535D or 1 -- FFFFH

© Siemens AG 2015 All Rights Reserved

7-232 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.2 Connecting I/O via PROFIsafe

Axis--specific SGE/SGA
I/O (F net data) of an F module cannot be directly connected to axis--specific SGE/
SGA. They can only be connected in the context of the SPL that must be installed
for the purpose.

PLC SPL SGE/SGA

The basic PLC program automatically connects the I/O (F net data) of an F module
to the SPL interface in data block DB18.
It is not possible to connect them in a PLC user program.

7.2.13 PROFIsafe communication behavior when system errors occur

A system error relating to PROFIsafe communication exists, if the PROFIsafe

layer identifies erroneous behavior that is not as a result of a communication error
defined in the PROFIsafe protocol, but which can only be caused by incorrect be-
havior of the system software or hardware.
Driver--specific system errors:
S Asynchronous fault state (StateFault)
The NCK or PLC--PROFIsafe driver is in the fault state while the associated
PROFIsafe driver of the 2nd channel is not in a fault state.
=> Alarm 27257
PROFIsafe communication--specific system fault
S The SPL input/output data are not updated (SPL I/O--communication)
Data exchange between the SPL and the PROFIsafe drivers is interrupted.
=> Alarm 27257
S No longer any communications between the NCK and PLC
The PLC was not able to execute the OB40 request for PROFIsafe communica-
tion within the maximum monitoring time of 50 ms.
=> Alarm 27253
Depending on the particular error, the cyclic processing of the PROFIsafe driver
(driver--specific error) -- or the complete PROFIsafe communication (PROFIsafe
communication--specific system error) is stopped -- and Alarm 27257 ”PROFIsafe:
%1 %2 signals system error %3 (%4)” is displayed. With the alarm, the NC start is
locked and Stop D/E initiated.
Behavior regarding SPL:
PROFIsafe drivers of type F--DI or F--DI/DO F modules that have stopped output
fail--safe values (0) as F net data in the direction of SPL.
Behavior regarding PROFIsafe slave:
Stopped PROFIsafe drivers no longer generate F telegrams. At the latest after the
configured timeout time, the F modules (PROFIsafe slaves) identify the failure of
the PROFIsafe communication and go into the safe state corresponding to the
specifications of the PROFIsafe profile.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-233
Connecting Sensors/Actuators 10/15
7.3 Modular PROFIsafe I/O interface

7.3 Modular PROFIsafe I/O interface

Using this function, it is easier for machinery manufacturers to connect PROFIsafe
input and output modules for machine series with a modular design.
Example
The S7 configuration required for PROFIsafe communication, the appropriate NCK
machine data parameterization as well as the SPL programs for NCK and PLC are
in the control for the maximum expansion stage. Depending on the functionality
available in a real machine, then either the maximum number of PROFIsafe
modules are connected -- or just a subset of the possible PROFIsafe modules
The PROFIsafe connection and the SPL connection for the particular PROFIsafe
module are then activated while the machine is being commissioned by activating
the associated machine data set or slots. Activation is realized by setting one of
the activation bits assigned to the particular machine data set.
Activation
The ”modular PROFIsafe I/O interface” function is activated using machine data
10095 $MN_SAFE_MODE_MASK, bit 1 = 1.
The Step7 hardware configuration in the PLC must be available in the full scope.

7.3.1 PROFIsafe input modules

Activating a machine data set or slot

The activation of a machine data set for the PROFIsafe communication and SPL
coupling of an PROFIsafe input module is realized via:
MD13302 $MN_PROFISAFE_IN_ENABLE_MASK[m]. Bit x=1.
The machine data set of a slot includes the machine data:
S $MN_PROFISAFE_IN_ADDRESS[n]
S $MN_PROFISAFE_IN_FILTER[n]
S $MN_PROFISAFE_IN_ASSIGN[n]
S $MN_PROFISAFE_IN_SUBS_ENAB_MASK[n] (see substitute values)
S $MN_PROFISAFE_IN_SUBS[n] (see substitute values)
S $MN_PROFISAFE_IN_NAME[n]

© Siemens AG 2015 All Rights Reserved

7-234 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.3 Modular PROFIsafe I/O interface

Substitute values
If, within the scope of a specific machine configuration, the corresponding
PROFIsafe module for a slot is not connected, static substitute values can be
parameterized to supply the associated SPL inputs ($A_INSE).
Parameterization
The substitute values are parameterized using machine data 13305
$MN_PROFISAFE_IN_SUBS[n].
The substitute value for SPL input defined as lower range limit in MD10388:
$MN_PROFISAFE_IN_ASSIGN, is parameterized in MD
$MN_PROFISAFE_IN_SUBS, bit 0. In bit 1, the substitute value for the SPL input
”lower area limit + 1” etc.
Thus, substitute values are input into MD $MN_PROFISAFE_IN_SUBS referred to
the SPL input area defined in MD $MN_PROFISAFE_IN_ASSIGN. If substitute
values outside this SPL input area are set to a value of 1 in MD $MN_PROFI-
SAFE_IN_SUBS, then Alarm 27205 ”PROFIsafe: Number of signals MD %1[%2] <
> MD %3[%4]” is displayed.
Activation
In order to provide machinery manufacturers with the option of defining different
substitute values for various machine constellations for the SPL input range
belonging to a PROFIsafe input module, the output of parameterized substitute
values is explicitly activated in a machine data set using:
MD13304 $MN_PROFISAFE_IN_SUBS_ENAB_MASK[m], bit x = 1

Slot mode
As a result of the possibility of being able to activate or deactivate a slot as well as
to activate substitute values, the following slot modes are obtained:
S Active
In the control, a PROFIsafe driver is active for the slot -- and the F net data
transferred from the associated PROFIsafe input module is output to the SPL
inputs.
S Passive
In the control, there is no PROFIsafe driver active for the slot, and the para-
meterized substitute values are output at the SPL inputs.
S Inactive
In the control, there is no PROFIsafe driver active for the slot, and no data is
output at the SPL inputs. The inputs assigned using MD10388
$MN_PROFISAFE_IN_ASSIGN remain in the default state 0.
The following table shows the interrelationship between the machine data and the
slot mode obtained from this.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-235
Connecting Sensors/Actuators 10/15
7.3 Modular PROFIsafe I/O interface

PROFISAFE_IN_ENABLE_MASK[m], PROFISAFE_IN_SUBS_ENAB_MASK[m], Slot mode

Bit n Bit n
1 0 active
1 1 passive
0 x inactive

SPL assignment for passive slots

For active slots, where the F net data of the associated PROFIsafe input module is
transferred into the SPL inputs, the SPL input ranges assigned via MD $MN_PRO-
FISAFE_IN_ASSIGN must not overlap. If this rule is violated, Alarm 27204 ”PRO-
FIsafe: Dual allocation MD %1[%2] -- MD %3[%4]” is displayed.
To simplify parameter assignment, this rule does not apply to passive slots, whose
SPL input range overlaps with one or several active slots. In this case, without any
feedback to the user, the substitute values of the passive slot are automatically
only transferred to the SPL inputs that are not allocated active slots.
Example:
Active slot 1, corresponding to machine data set 5, is assigned SPL input range
9 -- 16.
$MN_PROFISAFE_IN_ASSIGN[5] = 009 016
Passive slot 2, corresponding to machine data set 7, is assigned SPL input range
5 -- 12.
$MN_PROFISAFE_IN_ASSIGN[7] = 005 012
$MN_PROFISAFE_IN_SUBS[7] = 0000 00FF

32 1
SPL inputs ($A_INSE) 00000000 00000000 10101010 11110000

16 9
Slot 1: F net data signals 10101010

12 5
Slot 2: Substitute values 11111111

Figure 7-20 Overlap of SPL input ranges of an active and passive slot

If the SPL input ranges of passive slots assigned using MD10388 $MN_PROFI-
SAFE_IN_ASSIGN overlap, then Alarm 27204 ”PROFIsafe: Dual allocation MD
%1[%2] -- MD %3[%4]” is displayed.

© Siemens AG 2015 All Rights Reserved

7-236 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.3 Modular PROFIsafe I/O interface

7.3.2 PROFIsafe output modules

Activating a machine data set or slot

A machine data set or slot for PROFIsafe communication and SPL interface of a
PROFIsafe output module are activated using:
MD13303 $MN_PROFISAFE_OUT_ENABLE_MASK[m], bit x = 1
The machine data set of a slot encompasses the data:
S MD $MN_PROFISAFE_OUT_ADDRESS[n]
S MD $MN_PROFISAFE_OUT_FILTER[n]
S MD $MN_PROFISAFE_OUT_ASSIGN[n]
S MD $MN_PROFISAFE_OUT_NAME[n]

Slot mode
The following slot modes are obtained as a result of the possibility of activating or
deactivating a slot:
S Active
In the control, a PROFIsafe driver is active for the slot and the SPL outputs are
output as F net data at the associated PROFIsafe output module.
S Inactive
In the control, there is no PROFIsafe driver active for the slot; the PROFIsafe
master does not address the corresponding PROFIsafe I/O module.
The following table shows the interrelationship between the machine data and the
slot mode obtained from this:

PROFISAFE_OUT_ENABLE_MASK[m], bit n Slot mode

1 active
0 inactive

Boundary conditions
Consistency check
In order that it is ensured that a consistent parameter assignment is also available
for the maximum expansion stage, when the control boots, the complete PROFI-
safe parameter assignments are always checked. This means a check is made as
to whether each machine data set of a parameterized slot is in itself consistent and
the appropriate PROFIsafe module is configured in the loaded S7 configuration.
This especially applies to machine data sets of inactive slots.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-237
Connecting Sensors/Actuators 10/15
7.3 Modular PROFIsafe I/O interface

A slot is considered to have been parameterized as soon as one of the following

data of the machine data set is not equal to the particular default value:
S MD $MN_PROFISAFE_IN/OUT_ADDRESS
S MD $MN_PROFISAFE_IN/OUT_FILTER
S MD $MN_PROFISAFE_IN/OUT_ASSIGN
PROFIsafe input/output modules
For PROFIsafe input/output modules, the input and output direction are para-
meterized via dedicated slots. These can be parameterized independently of one
another for each of the possible slot modes (active, passive or inactive).

© Siemens AG 2015 All Rights Reserved

7-238 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

7.4 Safety--related CPU--CPU communication

(F_DP communication)

Overview
For safety--relevant CPU--CPU communication to the plant/system coupling, a
fixed number of fail--safe data is transferred between the safety programs in the
F--CPUs. Data transfer is realized using the F_SENDDP blocks to send and
F_RECVDP blocks to receive.
The options as to how a SINUMERIK 840D sl with F_DP communication can be
integrated is shown in Fig. 7-21.
The F_DP communication is possible via PROFIBUS--DP (interface X126 or X136
of the NCU), as well as via PROFINET (PROFINET interfaces of the NCU7x0PN
of the PLC317F PN/DP) in the configurations PROFIBUS--DP master,
PROFIBUS--DP slave, PROFIBUS--DP slave -- peer--to--peer data transfer and
PROFINET IO controller (via PN/PN coupler).

PROFINET PN PROFINET
PN

IE
F--CPU F--CPU
DP

F--CPU F--CPU

PROFIBUS--DP DP PROFIBUS--DP
DP

PROFINET--capable CPU, e.g.:

F-- CPU SINUMERIK 840D sl
F--CPU
-- S7--300F CPU
PROFIBUS--capable CPU e.g.:
F-- CPU -- SINUMERIK 840D sl F_DP communication
-- S7--300F CPU
-- IM 151F

Figure 7-21 F_DP communication options with SINUMERIK 840D sl

With SINUMERIK 840D sl, a maximum of sixteen safety--relevant send connec-

tions and sixteen safety--relevant receive connections can be configured for each
NCU (option ”SI Connect”).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-239
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

Note
The diagram 7-21 is an example; for I Device, the PN/PN coupler can be
eliminated.

Note
SIMATIC--F--CPUs that support the F_SENDDP/F_RCVDP blocks are suitable as
communication partner, e.g. IM151F.

Note
The chapter only describes the SINUMERIK--specific safety--relevant CPU--CPU
communication to couple plants and systems corresponding to the SIMATIC
F_SENDDP/F_RCVDP protocol specifications. SINUMERIK does not support
SIMATIC S7 communication with F_SENDS7/F_RCVS7.

Description
When configuring F--DP communication between two F--CPUs, an input and output
area must be defined via SIMATIC Step 7 via which the F telegrams are exchan-
ged. The start address (logical basis address) can be freely selected. However,
within an F--CPU it must be the same for the input and output areas. However, a
different start address can be used in the two F--CPUs.
An F--DP communication always comprises a sender (F_SENDDP) and a receiver
(F_RECVDP). Only the sender (in Fig. 7-22 F_SENDDP of the F--CPU1) transfers
F net data -- in the F net data telegram -- to the receiver (in Fig. 7-22 F_RECVDP
of F--CPU2). The receiver only acknowledges the receipt of the F net data tele-
gram using an F acknowledgment telegram. The F acknowledgment telegram does
not contain any F net data.

© Siemens AG 2015 All Rights Reserved

7-240 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

F--CPU 1

I/O range

A address: 288
F_SENDDP length: 12 bytes
(sender)

CRC
I address: 288
length: 6 bytes

F acknowledgment telegram

CRC

Sequence
number
PROFIBUS--DP

F net data telegram

PROFINET
Sequence
number
F--CPU 2

Control
I/O range

Status
A address: 298

F net data
F_RECVDP Length: 6 bytes
(receiver)
I address: 298
Length: 12 bytes

Note
The I and O addresses used here are
examples only.

Figure 7-22 Components of an F_DP communication relationship

F net data telegram

The F_SENDDP of the F--CPU1 (sender) cyclically generates an F net data tele-
gram and writes it to the output data area of the F--CPU. The F net data telegram
has the following structure that is compatible to SIMATIC:
S 6 bytes F net data
-- 2 bytes Bool
-- 2x2 bytes for 2 INT values
(Notice: is not evaluated for SINUMERIK 840D sl)
S 2 bytes status word
S 2 bytes sequence number
S 2 bytes CRC
As a result of the F_DP communication relationship -- configured in SIMATIC
Step7 -- the F net data telegram is transferred from the output area of the F--CPU1
into the input area of the F--CPU2.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-241
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

F acknowledgment telegram
For an F net data telegram, which is identified as error--free, the F_RECVDP of the
F--CPU2 (receiver) generates an F acknowledgment telegram and writes this to the
output data area of the F--CPU. The F acknowledgment telegram has the following
structure:
S 2 bytes status word
S 2 bytes sequence number
S 2 bytes CRC

Note
For the F_DP communication, F net data is only transferred from the F_SENDDP
(CPU1: Sender) to F_RECVDP (CPU2: Receiver). If F net data also have to be
transferred in the opposite direction, i.e. from CPU2 to CPU1, then an additional
F_DP communication relationship must be configured.

7.4.1 Configuring and parameterizing the F_DP communication

The NCK machine data to parameterize F_DP communication are entered at the
HMI. The NCK--F_DP layer transfers the machine data via the dual port RAM
(DPR) to the PLC--F_DP layer. NCK and PLC--F_DP layer evaluate the particular
NCK machine data and initialize the parameterized F_SENDDP and F_RECVDP
drivers in this machine data for cyclic F_DP communication.
The machine data listed to parameterize F_DP communication are all taken into
account in checksums (if not explicitly explained), so that if the MDs are acciden-
tally changed, then an appropriate alarm is output.
The start addresses (logical basis addresses) of the input and output areas of the
F_DP communication at the I/O bus lines of a SINUMERIK 840D sl on the PLC
side are defined when configuring the hardware using SIMATIC Step7 HW Config.
The user must ensure that the starting addresses -- assigned on the STEP 7 side --
match the starting addresses parameterized in the NCK machine data. A check or
automatic alignment is not made.

Parameterizing logical basis addresses in Step7

The parameterization of logical basis addresses for the F_DP communication of
two NCUs via the X136 DP interface as PROFIBUS master--slave coupling is
described as an example in this section.
If a DP/DP or PN/PN coupler is used then the coupling is directly configured by
configuring these devices (see Simatic documentation).

© Siemens AG 2015 All Rights Reserved

7-242 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

PN/PN coupler
http://support.automation.siemens.com/WW/view/de/26993088/133300
DP/DP coupler
http://support.automation.siemens.com/WW/view/de/23641045/133300

Note
In order to couple the NCUs with one another, both NCUs must be configured in a
Step7 project.

Step 1: Set the interface type

The properties of the interface are accessed by double clicking on interface X136.
The interface type must be set to ”PROFIBUS” under the ”General” tab.
A window then opens with the PROFIBUS configuration. PROFIBUS must be con-
figured in this window in the usual way.
Step 2: Set the operating mode
Under the ”Mode” tab, an NCU must be set as ”DP slave”, the other NCU as ”DP
master”.
The configurations can then be saved in both NCUs.
Step 3: Establish the coupling
In order that communication can be established between both NCUs, a coupling
must be established between both of them. To do this, the already configured sta-
tion must be selected from the hardware catalog in the ”PROFIBUS--DP” area – for
SINUMERIK, this is ”CPU31...” – and this must then be dragged to the PROFIBUS
line of the PROFIBUS master NCU. The ”Properties -- DP slave” window is ope-
ned.
Under the ”Coupling” tab, the configured PROFIBUS master NCU must be selec-
ted and this connected by selecting ”Couple”. The window must then be exited with
”OK” and the project saved.
Step 4: Set the logical basis addresses
The addresses for the F_DP communication can now be set under ”Properties --
DP slave”. Double click on the Profibus slave NCU to open the properties window
in which the tab ”F Configuration” must be selected.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-243
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

Figure 7-23 Properties of the DP slave

The window to parameterize the logical basis addresses is opened by selecting

”New ...”. The mode (F master--slave send F--MS--S or F master--slave receive
F--MS--R) and the addresses (LADDR) of the connection can now be set in this
window.

© Siemens AG 2015 All Rights Reserved

7-244 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Figure 7-24 Properties -- DP slave -- F configuration

By creating a new connection, the addresses for the net data and acknowledgment
telegram are automatically parameterized. The parameterized addresses should
then be entered in MD13334/13344 $MN_SAFE_SDP/RDP_LADDR.

7.4.2 Sender F_SENDDP

In order to send SPL output data ($A_OUTSE) from one SINUMERIK 840D sl to
another F--CPU using F_DP communication, an SPL connection must be para-
meterized. An SPL connection comprises the following:
S F_DP communication relationship
The parameters of the F_DP communication are defined using the F_DP
communication relationship:
-- Identifier (DP_DP_ID) and connection name
-- Communication parameters:
-- I/O start address (LADDR)
-- Monitoring time (TIMEOUT)
-- Error response (ERR_REAC)
S SPL coupling
The SPL coupling is used to define which SPL outputs ($A_OUTSE) are
mapped to which net data signals of the F telegram.
Note:
The interpretation and processing of the F net data signals are realized via the
PLC and NCK SPL and are the exclusive responsibility of the user or SPL pro-
grammer.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-245
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

S Connection number
A parameterizing data set is assigned to an SPL connection using the connec-
tion number.
An SPL connection is defined in a parameterizing data set. For SINUMERIK 840D
sl, 16 parameterizing data sets are available for F_SENDDP. This means that a
maximum of 16 SPL connections, identified using 16 different identifiers
(DP_DP_ID) can be simultaneously active. In case of an error, Alarm 27306
”F_DP: Max. number of active SPL connections (%1) for %2 exceeded” is output
SPL output data ($A_OUTSE) can only be assigned to an SPL connection in the
parameterizing data of the SPL coupling as contiguous area. If the SPL output
data, which are required for an SPL connection, are not contiguous, but are dis-
tributed over several areas, then several SPL connections must be parameterized.
These SPL connections are designated using identical F_DP communication rela-
tionships and connection numbers, but different SPL couplings. The parameteriza-
tion of one SPL connection with several SPL couplings is designated as sub--slots
within the scope of PROFIsafe (see Chapter 7.2.6 ”Parameterizing the SPL--SGE
interface”).
The number of SPL couplings per SPL connection can be freely parameterized
within the framework of the number of parameterizing data sets that are available.
The following options are available to parameterize SPL connections and SPL
couplings for each SPL connection:
S SPL connections: 1 up to a maximum of 16
S SPL couplings per SPL connection: 1 up to a maximum of 16, whereby the sum
of all SPL couplings of all SPL connections can be a maximum of 16
For the case that 16 SPL connections are parameterized, for each SPL connec-
tion, there is only one SPL coupling available.
The following value range for system variables and machine data is obtained from
this:
S System variable index: 1...n with n = 16
S Machine data index: 0...m with m = 15

© Siemens AG 2015 All Rights Reserved

7-246 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

SINUMERIK 840D sl F--CPU

(logical view)
SPL
SPL connection
$A_OUTSE SPL
.....
SPL coupling
1...4
F net data
transfer
Connection
number

F_SENDDP System variable F_RECVDP

interface

PROFIBUS--DP

F_DP communication relationship PROFINET

Figure 7-25 Example for 1 SPL connection with 4 SPL couplings

Interface overview

Parameterizing data (NCK)

Activation data (NCK) $MN_SAFE_SDP_ID[0...m]
$MN_SAFE_SDP_ENABLE_MASK $MN_SAFE_SDP_NAME[0...m]
$MN_SAFE_SDP_CONNECTION_NR[0...m]
$MN_SAFE_SDP_LADDR[0...m]
$MN_SAFE_SDP_TIMEOUT[0...m]
$MN_SAFE_SDP_ASSIGN[0...m]
Output data (NCK) $MN_SAFE_SDP_FILTER[0...m]
$A_FSDP_ERROR[1...n] $MN_SAFE_SDP_ERR_REAC[0...m]
$A_FSDP_SUBS_ON[1...n]
$A_FSDP_DIAG[1...n] F_SENDDP Input data (NCK)
$A_FSDP_ERR_REAC[1...n]
Output data (DB18) $A_OUTSE
FSDP[1...16].ERROR $MN_PREVENT_SYNACT_LOCK
FSDP[1...16].SUBS_ON Input data (DB18)
FSDP[1...16].DIAG FSDP[1...16].ERR_REAC
FSDP[1...16].RETVAL14 SPL_DATA.OUTSEP[1...192]
FSDP[1...16].RETVAL15 SPL_READY
Fault responses
Alarm (HMI)
STOP D/E

Figure 7-26 Interface overview F_SENDDP

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-247
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

Activation data
Every parameterizing data set can be separately activated using the enable screen
form.
Parameterizing data
The parameterizing data set of an SPL connection involves the following values:
S Identifier:
-- DP_DP_ID: MD13331 $MN_SAFE_SDP_ID
-- Name: MD13332 $MN_SAFE_SDP_NAME
S Connection number: MD13333 $MN_SAFE_SDP_CONNECTION_NR #
S Communication parameters:
-- I/O start address: MD13334 $MN_SAFE_SDP_LADDR #
-- Monitoring time: MD13335 $MN_SAFE_SDP_TIMEOUT #
S Net data parameters:
-- SPL assignment: MD13336 $MN_SAFE_SDP_ASSIGN
-- F net data filter: MD13337 $MN_SAFE_SDP_FILTER
S Fault reaction: MD13338 $MN_SAFE_SDP_ERR_REAC #
For SPL connections with the same ID, all of the parameters designated with #
must be identical. In case of an error, Alarm 27305 ”F_DP: Parameter MD %1[%2]
< > MD%3[%4]”.
Input/output data
The input and output data provide the user or SPL programmer an interface
compatible to the SIMATIC F application blocks using system variables.
Fault responses
The system responses when a communication error occurs can be influenced by
the user by correspondingly setting the machine data
$MN_SAFE_SDP_ERR_REAC or, at a later point in time by programming the
system variables $A_FSDP_ERR_REAC in the SPL program.

SPL couplings (sub--slots)

Just the same as for PROFIsafe, also for F_SENDDP, only contiguous areas of
SPL output data ($A_OUTSE[x] to $A_OUTSE[x+y]) can be assigned to an SPL
connection. Several SPL connections must be parameterized if several non--con-
tiguous pieces of SPL output data are to be transferred. These are characterized
due to the fact that the parameters of the SPL couplings differ, but all other para-
meters of the SPL connection are identical. As part of the F_DP communication,
these SPL connections are combined to form a single SPL connection communi-
cating via PROFIBUS with several subordinate SPL couplings (sub--slots).

© Siemens AG 2015 All Rights Reserved

7-248 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Example of NCK parameterization1

The following specifications are applied when it comes to further describing the
NCK parameterization of an F_SENDDP communication relationship.
S Identifier
-- DP_DP_ID: 2000D
-- Name: ”WZM1”
S Connection number: 1
S Communication parameters
-- I/O start address: 288D
-- Monitoring time: 0.5 seconds
S Net data parameters
-- SPL outputs used: $A_OUTSE[1...4]
-- Filter data: 1111H
-- SPL outputs used: $A_OUTSE[33...36]
-- Filter data: 8888H
S Fault response: 0D
The following parameterizing data sets are obtained:
1. SPL connection (sub--slot 1)
$MN_SAFE_SDP_ID[0] = 2000D
$MN_SAFE_SDP_NAME[0] = WZM1
$MN_SAFE_SDP_CONNECTION_NR[0] = 1
$MN_SAFE_SDP_LADDR[0] = 288D
$MN_SAFE_SDP_TIMEOUT[0] = 0.5
$MN_SAFE_SDP_ASSIGN[0] = 001004D
$MN_SAFE_SDP_FILTER[0] = 1111H
$MN_SAFE_SDP_ERR_REAC[0] = 0
2. SPL connection (sub--slot 2)
$MN_SAFE_SDP_ID[1] = 2000D
$MN_SAFE_SDP_NAME[1] = WZM1
$MN_SAFE_SDP_CONNECTION_NR[1] = 1
$MN_SAFE_SDP_LADDR[1] = 288D
$MN_SAFE_SDP_TIMEOUT[1] = 0.5
$MN_SAFE_SDP_ASSIGN[1] = 033036D
$MN_SAFE_SDP_FILTER[1] = 8888H
$MN_SAFE_SDP_ERR_REAC[1] = 0

Note
All machine data of a parameterizing data set are linked with one another using
the common machine data index.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-249
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

MD13331 $MN_SAFE_SDP_ID
Identifier of the SPL connection
Every SPL connection must be assigned a freely selectable, unique identifier
(DP_DP_ID), however, this must be unique across all F--CPUs that are connected
using F_DP communication.

MD13332 $MN_SAFE_SDP_NAME
Connection name
An SPL connection can be given a freely selectable connection name with a maxi-
mum of 15 characters using MD $MN_SAFE_SDP_NAME. The connection name
is displayed at the HMI and in the alarm display. If a connection name has been
assigned, then for alarms 2735x, the name is displayed; if a name is not displayed,
then the corresponding DP_DP_ID identifier is displayed.
The connection name does not have to be specified in all of the parameterizing
data sets associated with an SPL connection. The connection name is always
used that is specified in the first active parameterizing data set, i.e. the parame-
terizing data set with the lowest machine data index. All other data sets of an SPL
connection are not evaluated with reference to connection names.
This MD is not incorporated in the checksum calculation; i.e. it can also be
changed without aligning the checksum.

MD13334 $MN_SAFE_SDP_LADDR
I/O start address
When generating the configuration in SIMATIC STEP7 HW Config, for each SPL
connection a start address must be defined for the I/O area which is used for the
F_SENDDP to exchange data with the associated F_RECVDP. The start address
must be the same for the input and output data areas.
The user must enter the I/O start address of the SPL connection, defined in the
configuration, in MD $MN_SAFE_SDP_LADDR[0...m].
Rules to define the start addresses and address areas of an SPL connection:
S The start address must be identical in the input and output data areas
S Slot length: Input data area = 6 bytes, output data area = 12 bytes
S Consistency of the slot in the input and output data areas in both cases over the
”complete length”
The check is made on the PLC side within the scope of the cyclic F_DP communi-
cation by evaluating the SFC14/SFC15 return values. For an error, Alarm 27354
”F_DP: %1 communication, connection %2 signals SFC%3 error %4” is displayed.

© Siemens AG 2015 All Rights Reserved

7-250 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Parameterization of the F net data transfer

The transfer of the SPL outputs in the F net data is parameterized using the follo-
wing NCK machine data:
S $MN_SAFE_SDP_ASSIGN[0...m]
S $MN_SAFE_SDP_FILTER[0...m]

NCK--SPL--SGA $A_OUTSE[192] [36]...[33] [4]...[1]

: 00000000 ....... 11000000 ....... 00001010
SPL assignment:
1st SPL coupling MD $MN_SAFE_SDP_ASSIGN[0] = 001 004
2nd SPL coupling MD $MN_SAFE_SDP_ASSIGN[1] = 033 036

Direction of transfer
Bit 15 Bit 0 Bit 15 Bit 0
10001000 10001000 00010001 00010001
F net data filter:
1st SPL coupling MD $MN_SAFE_SDP_FILTER[0] = 1111H Sub--slot Sub--slot 1
2nd SPL coupling MD $MN_SAFE_SDP_FILTER[1] = 8888H 2

F net data signals from F_SENDDP:

MD $MN_SAFE_SDP_ID[0] = 2000D
MD $MN_SAFE_SDP_LADDR[0] = 288D Bit15 Bit0
10011000 00010000

Figure 7-27 F net data transfer F_SENDDP

MD13336 $MN_SAFE_SDP_ASSIGN
SPL assignment
For the SPL assignment, the SPL outputs ($A_OUTSE) are selected, which are
assigned to the F net data signals via the F net data filter. Only a contiguous area
can be selected.
The SPL assignment is set using MD $MN_SAFE_SDP_ASSIGN[0...m].
The SPL output area data is specified in the decimal notation in the following
format:
$MN_SAFE_SDP_ASSIGN[n] = aaa bbb with
aaa: Area limit 1, SPL--SGA $A_OUTSE[aaa]
bbb: Area limit 2, SPL--SGA $A_OUTSE[bbb]
The following conditions should be observed when specifying the area limits:
S all area data is valid: (aaa > bbb), (aaa < bbb), (aaa = bbb)
S |(aaa -- bbb)| ≤ 16
In case of an error, Alarm 27301 ”F_DP: MD %1[%2]: SPL coupling incorrect” is
output.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-251
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

S |(aaa -- bbb)| = y
With y = number of F net data signals selected in the MD F net data filter
$MN_SAFE_SDP_FILTER.
In the case of an error, Alarm 27303 ”F_DP: Number of signals in MD %1[%2]
< > MD %3[%4]” is output.
Example for NCK parameterization (see Page 7-249)
The selected SPL outputs $A_OUTSE[1...4] and $A_OUTSE[33...36] are trans-
ferred in the F net data corresponding to the F net data filter of the particular SPL
connection, refer to Fig. 7-27 ”F net data transfer F_SENDDP”.

MD13337 $MN_SAFE_SDP_FILTER:
F net data filter
The F net data filter allows the SPL outputs ($A_OUTSE), which are to be trans-
ferred, to be distributed across any F net data signals.
The F net data filter is set using MD $MN_SAFE_SDP_FILTER[0...m].
Example for NCK parameterization (see Page 7-249)
The parameterized SPL outputs of the F_DP communication relationship
(DP_DP_ID: 2000) are distributed via the F net data filter to bits 0, 4, 8 and 12
(1st sub--slot) and bits 3, 7, 11 and 15 (2nd sub--slot) in the F net data of the F
telegram, see Fig. 7-27 ”F net data transfer F_SENDDP”.

Note
Within an SPL connection, an F net data signal of an F telegram may only be
occupied by one SPL coupling via the F net data filter. When allocated a multiple
number of times, Alarm 27302 ”F_DP: Dual allocation MD %1 [%2] --MD %3 [%4]”
is output.

MD13335 $MN_SAFE_SDP_TIMEOUT
Monitoring time
By specifying the monitoring time, the time is specified within which an F telegram
from F_SENDDP must be acknowledged by F_RECVDP.
The monitoring time is set using MD $MN_SAFE_SDP_TIMEOUT[0...m].
When the monitoring time is exceeded, then depending on the system variables
$A_FSDP_ERR_REAC, the selected alarm responses are initiated:
Alarm 27350 ”F_DP: %1 communication, DP_DP_ID = 52 signals error %3” and
Alarm 27351 ”F_DP: %1 communication, DP_DP_ID = 52 signals error %3”.

© Siemens AG 2015 All Rights Reserved

7-252 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Notes and commissioning

When commissioning F_DP communication for the first time, it is recommended
that the monitoring time is initially kept at the default value in order to avoid alarms
caused by the monitoring time being exceeded.
After the F_DP communication has been successfully commissioned, the monitor-
ing time can then be changed to the required value, e.g. monitoring time ² 5 *
F_DP clock cycle of the slower component of the SPL connection with F_DP clock
cycle = $MA_SAFE_SRDP_IPO_TIME_RATIO * IPO clock cycle.
For more complex PLC user programs, it is possible that the parameterized F DP
clock cycle is either briefly or even permanently exceeded. This is the reason that
for diagnostic purposes, the maximum value of the F_DP clock cycle since the last
time the control booted (powered--up) is displayed in machine data
$MA_INFO_SAFE_SRDP_CYCLE_TIME and in the diagnostics screen ”SI com-
munication”.

Note
It can only be ensured that the level of an output signal is correctly detected on the
sender side and transferred to the receiver if it is present for at least the
monitoring time that has been parameterized (MN_SAFE_SDP_TIMEOUT).

MD13330 $MN_SAFE_SDP_ENABLE_MASK
Enable screen form
The individual parameterizing data sets are enabled using the enable screen form.
The enable mask is bit--orientated, i.e. bit 0activates the 1st parameterizing data
set with machine data index 0.
If a parameterizing data set is not activated, then the machine data of the corre-
sponding SPL connection are not evaluated.

MD13333 $MN_SAFE_SDP_CONNECTION_NR
Connection number
A parameterizing data set is assigned to an SPL connection using the connection
number. Presently, a max. of max. 16 SPL connections can be parameterized for
F_SENDDP. As a result, the value range for the connection number obtained is: 1,
2, 3 ... 16.
In the default setting, a parameterizing data set is not assigned to any SPL con-
nection (connection number = 0). Each active parameterizing data set must be
assigned to an SPL connection. In the case of an error, Alarm 27034 ”Parameteri-
zation of MD %1[%2] invalid” is displayed.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-253
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

The connection number is, at the same time, also the index to access system
variables of the user interface of the SPL connection. The user interface involves
the following system variables:
Input data
-- $A_FSDP_ERR_REAC[1...n]
Output data
-- $A_FSDP_ERROR[1...n]
-- $A_FSDP_SUBS_ON[1...n]
-- $A_FSDP_DIAG[1...n]
The connection number is set using MD $MN_SAFE_SDP_CONNECTION_NR.
Example
The parameterization data set x should be assigned to the2nd SPL connection.
S $MN_SAFE_SDP_CONNECTION_NR[x] = 2
This means, that as user interface, SPL connection x uses the above mentioned
system variables with index 2, e.g.: $A_FSDP_ERROR[2]

MD13338 $MN_SAFE_SDP_ERR_REAC
Error response
The default value for the system variable $A_FSDP_ERR_REAC[1...n] (alarm
response) is entered using machine data $MN_SAFE_SDP_ERR_REAC[1...n]. By
programming the system variable in the user program , then the alarm response
can be dynamically changed.
After programming the error response using the system variable, the value saved
in the machine data is no longer active until the control re--boots.
The significance of the values for the machine data correspond to the values forthe
system variable $A_FSDP_ERR_REAC[1...n].

Input data, F_SENDDP

System variable: Error response, $A_FSDP_ERR_REAC
The response when a communication error occurs is set using the system variable
$A_FSDP_ERR_REAC[1...n]. This means, depending on the actual coupling or as
a function of the plant/system components involved in the SPL connection, the
response to a communication error, caused by an error in the communication path
or by consciously switching off one of the plant/system components can be spe-
cifically entered. The following error responses can be set:
S Alarm 27350 and also STOP D/E
S Alarm 27350
S Alarm 27351 (display only, self--clearing)
S No alarm is displayed.

© Siemens AG 2015 All Rights Reserved

7-254 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Boundary conditions
1. For a communication error, the following system variables are always set
independent of the error response set using the system variable
$A_FSDP_ERR_REAC:
-- $A_FSDP_ERROR = 1
-- $A_FSDP_SUBS_ON = 1
2. When a communication error occurs, the currently programmed error response
is realized. If the error response is changed, it only becomes effective when the
next communication error occurs.
3. Whether STOP D or STOP E is initiated as error response can be parame-
terized using:
-- NCK: $MN_SAFE_SPL_STOP_MODE
-- PLC: DB18.DBX36.1
4. The system variable $A_FSDP_ERR_REAC[1...n] is a part of the crosswise
data comparison SPL--CDC.

Note
Until the system variable is programmed for the first time, after the control boots,
the value set using MD $MN_SAFE_SDP_ERR_REAC is active.

Output data, F_SENDDP

System variable: Error signal, $A_FSDP_ERROR
System variable $A_FSDP_ERR_REAC[1...n] is used to indicate that there is a
communication error. The specific cause, determined by F_SENDDP, is communi-
cated using the diagnostics data (system variable $A_FSDP_DIAG).
The system variable $A_FSDP_ERROR is cyclically compared with the corre-
sponding PLC variables FSDP[1...16].ERROR. If unequal, there is a system error
and this is displayed using Alarm 27355 ”F_DP: %1 communication, connection
%2 reports a system error %3 (%4)”.
System variable: Substitute value signal, $A_FSDP_SUBS_ON
System variable $A_FSDP_SUBS_ON[1...n] is used to signal that F_RECVDP has
output substitute values to the application.
The system variable $A_FSDP_SUBS_ON is cyclically compared with the corre-
sponding PLC variables FSDP[1...16].SUBS_ON. If unequal, there is a system
error and this is displayed using Alarm 27355 ”F_DP: %1 communication, connec-
tion %2 reports a system error %3 (%4)”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-255
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

System variable: Diagnostics data, $A_FSDP_DIAG

System variable $A_FSDP_DIAG[1...n] is used to signal the cause of the commu-
nication error determined by F_SENDDP.
The system variable $A_FSDP_DIAG is not cyclically compared with the corre-
sponding PLC variables FSDP[1...16].DIAG.

Comparison, NCK system variable / PLC variable

NCK system variable PLC variable DB 18

Inputs
$A_FSDP_ERR_REAC[1...n] FSDP[1...3].ERR_REAC or
FSDP_HF[4..16].ERR_REAC
$A_OUTSE SPL_DATA_OUTSEP[1...64] or
SPL_DATA.OUTSEP_HF[65..192]
$MN_PREVENT_LOCK SPL_READY
Outputs
$A_FSDP_ERROR[1...n] FSDP[1...3].ERROR or
FSDP_HF[4..16].ERROR
$A_FSDP_SUBS_ON[1...n] FSDP[1...3].SUBS_ON or
FSDP_HF[4..16].SUBS_ON
$A_FSDP_DIAG[1...n] FSDP[1...3].DIAG or FSDP_HF[4..16].DIAG
---- FSDP[1...3].RETVAL14 or
FSDP_HF[4..16].RETVAL14
---- FSDP[1...3].RETVAL15 or
FSDP_HF[4..16].RETVAL15

7.4.3 Receiver F_RECVDP

In order to transfer SPL output data from an F--CPU to a SINUMERIK 840D sl

using F--DP communication, an SPL connection must be parameterized. This
connection comprises the following:
S F_DP communication relationship
The following F_DP communication parameters are defined using the F_DP
communication relationship:
-- Identifier (DP_DP_ID) and connection name
-- Communication parameters:
-- I/O start addresses (LADDR)
-- Monitoring time (TIMEOUT)
-- Error response (ERR_REAC)
-- Substitute values in the case of an error (SUBS)

© Siemens AG 2015 All Rights Reserved

7-256 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

S SPL coupling
The SPL coupling is used to define which F data signals of the F telegram are
to be mapped to which SPL inputs ($A_INSE). Several SPL couplings can be
parameterized for one SPL connection.
Note:
The interpretation and processing of the F net data signals are realized via the
PLC and NCK SPL and are the exclusive responsibility of the user or SPL
programmer.
S Connection number
A parameterizing data set is assigned to an SPL connection using the connec-
tion number.
An SPL connection is defined in a parameterizing data set. For SINUMERIK 840D
sl, 16 parameterizing data sets are available for F_RECVDP; as a consequence,
16 different SPL connections, designated using 16 identifiers (DP_DP_ID), can be
parameterized in the F DP communication relationships. In case of an error, Alarm
27306 ”F_DP: Max. number of active SPL connections (%1) for %2 exceeded” is
output
SPL input data ($A_INSE) can only be assigned to an SPL connection in the para-
meterizing data of the SPL coupling as contiguous range. If the SPL input data,
which are required for an SPL connection, are not contiguous, then several SPL
connections must be parameterized in the parameterizing sets. These SPL con-
nections are designated using identical F_DP communication relationships and
connection numbers, but different SPL couplings. The parameterization of one SPL
connection with several SPL couplings is designated as sub--slots within the frame-
work of PROFIsafe (see Chapter 7.2.6 ”Parameterizing the SPL--SGE interface”).
The number of SPL couplings per SPL connection can be freely parameterized
within the framework of the number of parameterizing data sets that are available.
The following options are available to parameterize SPL connections and SPL
couplings for each SPL connection:
S SPL connections: 1 up to a maximum of 16
S SPL couplings per SPL connection: 1 up to a maximum of 16, whereby the sum
of all SPL couplings of all SPL connections can be a maximum of 16
For the case that 16 SPL connections are parameterized, for each SPL connec-
tion, there is only one SPL coupling available.
The following value range for system variables and machine data is obtained from
this:
S System variable index: 1...n with n = 16
S Machine data index: 0...m with m = 15

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-257
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

SINUMERIK 840D sl F--CPU

(logical view)
SPL
SPL connection
$A_INSE
SPL
.....
SPL coupling
1...4
F net data
transfer Connection
number

F_RECVDP System variable F_SENDDP

interface

PROFIBUS--DP

PROFINET
F_DP communication relationship

Figure 7-28 Example for 1 SPL connection with 4 SPL couplings

Interface overview

Activation data NCK) Parameterizing data (NCK)

$MN_SAFE_RDP_ENABLE_MASK $MN_SAFE_RDP_ID[0...m]
$MN_SAFE_RDP_NAME[0...m]
$MN_SAFE_RDP_CONNECTION_NR[0...m]
$MN_SAFE_RDP_LADDR[0...m]
$MN_SAFE_RDP_ASSIGN[0...m]
$MN_SAFE_RDP_FILTER[0...m]
Output data (NCK) $MN_SAFE_RDP_TIMEOUT[0...m]
$A_FRDP_ERROR[1...n] $MN_SAFE_RDP_ERR_REAC[0...m]
$A_FRDP_SUBS_ON[1...n] $MN_SAFE_RDP_SUBS[0...m]
$A_FRDP_ACK_REQ[1...n]
Input data (NCK)
$A_FRDP_DIAG[1...n] F_RECVDP $A_FRDP_SUBS[1...n]
$A_FRDP_SENDMODE[1...n]
$A_FRDP_ERR_REAC[1...n]
$A_INSE
Channel_1 reset
Output data (DB18)
FRDP[1...16].ERROR Input data (DB18)
FRDP[1...16].SUBS_ON FRDP[1...16].SUBS[0...15]
FRDP[1...16].ACK_REQ FRDP[1...16].ERR_REAC
FRDP[1...16].SENDMODE FRDP[1...16].ACK_REI
System responses
FRDP[1...16].DIAG[
Alarm (HMI)
SPL_DATA_INSEP[1...192] STOP D/E
FRDP[1...16].RETVAL14
FRDP[1...16].RETVAL15

Figure 7-29 Interface overview F_RECVDP

© Siemens AG 2015 All Rights Reserved

7-258 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Activation data
Every parameterizing data set can be separately activated using the activation
data.
Parameterizing data
The parameterizing data set of an SPL connection involves the following data
areas:
S Identifier:
-- DP_DP_ID: MD13341 $MN_SAFE_RDP_ID
-- Name: MD13342 $MN_SAFE_RDP_NAME
S Connection number: MD13343 $MN_SAFE_RDP_CONNECTION_NR #
S Communication parameters:
-- I/O start address: MD13344 $MN_SAFE_RDP_LADDR #
-- Monitoring time: MD13345 $MN_SAFE_RDP_TIMEOUT #
S Net data parameters:
-- SPL assignment: MD13346 $MN_SAFE_RDP_ASSIGN
-- F net data filter: MD13347 $MN_SAFE_RDP_FILTER
S Fault response:
-- Error response MD13348 $MN_SAFE_RDP_ERR_REAC #
-- Substitute values: MD13349 $MN_SAFE_RDP_SUBS #
For SPL connections with the same identifier, all parameters identified with # must
be identical. In case of an error, Alarm 27305 ”F_DP: Parameter MD %1[%2] < >
MD%3[%4]” is output.
Input/output data
The input and output data provide the user or SPL programmer an interface
compatible to the SIMATIC F application blocks using system variables.
Fault responses
The system responses when a communication error occurs can be influenced by
the user by appropriately setting the machine data $MN_SAFE_RDP_ERR_REAC
and $MN_SAFE_RDP_SUBS or at a later time by programming the system
variables $A_FRDP_ERR_REAC, $A_FRDP_SUBS in the SPL program.

SPL couplings (sub--slots)

Just the same as for PROFIsafe, also for F_RECVDP, only contiguous ranges of
SPL input data ($A_INSE[x] up to $A_INSE[x+y]) can be assigned to an SPL con-
nection. If the received F net data are to be transferred in several non--contiguous
SPL input data areas, then several SPL connections must be parameterized.
These are then designated using an identical identifier, communication parameter
and connection number, but different SPL couplings. As part of the F_DP commu-
nication, these SPL connections are combined to form a single SPL connection
communicating via PROFIBUS with several subordinate SPL couplings (sub--
slots).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-259
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

Example of NCK parameterization2

The following specifications are applied for the more detailed description of the
NCK parameterization.
S Identifier
-- DP_DP_ID: 1000D
-- Name: ”WZM1”
S Connection number: 1
S Communication parameters
-- I/O start address: 298D
-- Monitoring time: 0.5 seconds
S Net data parameters
-- SPL inputs used: $A_INSE[1...4]
-- Filter data : 000FH
-- SPL inputs used: $A_INSE[33...36]
-- Filter data: F000H
S Fault response:
-- Error response: 0
-- Substitute values: 0
The following parameterizing data sets are obtained:
1. SPL connection (sub--slot 1)
$MN_SAFE_RDP_ID[0] = 1000D
$MN_SAFE_RDP_NAME[0] = WZM1
$MN_SAFE_RDP_CONNECTION_NR[0] = 1
$MN_SAFE_RDP_LADDR[0] = 298D
$MN_SAFE_RDP_TIMEOUT[0] = 0.5
$MN_SAFE_RDP_ASSIGN[0] = 001 004D
$MN_SAFE_RDP_FILTER[0] = 000FH
$MN_SAFE_RDP_ERR_REAC[0] = 0
$MN_SAFE_RDP_SUBS[0] = 0
2. SPL connection (sub--slot 2)
$MN_SAFE_RDP_ID[1] = 1000D
$MN_SAFE_RDP_NAME[1] = WZM1
$MN_SAFE_RDP_CONNECTION_NR[1] = 1
$MN_SAFE_RDP_LADDR[1] = 298D
$MN_SAFE_RDP_TIMEOUT[1] = 0.5
$MN_SAFE_RDP_ASSIGN[1] = 033 036D
$MN_SAFE_RDP_FILTER[1] = F000H
$MN_SAFE_RDP_ERR_REAC[1] = 0
$MN_SAFE_RDP_SUBS[1] = 0

Note
All machine data of a parameterizing data set are linked with one another using
the common machine data index.

© Siemens AG 2015 All Rights Reserved

7-260 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

MD13341 $MN_SAFE_RDP_ID
Identifier of the F_DP communication relationship
The identifier must be assigned a freely selectable, unique identifier (DP_DP_ID),
however, this must be unique across all F--CPUs that are connected using F_DP
communication.

MD13342 $MN_SAFE_RDP_NAME
Connection name
An SPL connection can be allocated a meaningful name using this machine data.
The connection name can be freely selected and can be a maximum of 15
characters. The connection name is displayed at the HMI and in the alarm display.
If a connection name is specified, then for Alarms 2735x, the name is displayed.
If a connection name is not specified, then the corresponding identifier is
displayed (DP_DP_ID).
The connection name does not have to be specified in all of the parameterizing
data sets associated with an SPL connection. The connection name that is speci-
fied in the first active parameterizing data set is always used, i.e. the parame-
terizing data set with the lowest machine data index. All other data sets of an SPL
connection are not evaluated with reference to connection names.
This MD is not incorporated in the checksum calculation; i.e. it can also be
changed without aligning the checksum.

MD13344 $MN_SAFE_RDP_LADDR
I/O start address
For each SPL connection, when generating the configuration in SIMATIC STEP 7
HW Config a start address must be defined for the I/O area via which the
F_RECVDP exchanges data with the associated F_SENDDP. The start address
must be the same for the input and output data areas.
The user must enter the I/O start address of the SPL connection, defined in the
configuration, in the MD $MN_SAFE_RDP_LADDR[0...m].
Rules to define the start addresses and address areas of an SPL connection:
S The start address must be identical in the input and output data areas
S Slot length: Input data area = 12 bytes, output data area: 6 bytes
S Consistency of the slot in the input and output data areas in both cases over the
”complete length”
The check on the PLC side is made within the scope of the cyclic F_DP communi-
cation by evaluating the SFC14/SFC15 return values. For an error, Alarm 27354
”F_DP: %1 communication, connection %2 signals SFC%3 error %4” is displayed.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-261
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

Parameterization of the F net data transfer

The transfer of F net data in the SPL inputs is parameterized using the following
NCK machine data:
S $MN_SAFE_RDP_ASSIGN[0...m]
S $MN_SAFE_RDP_FILTER[0...m]

NCK--SPL--SGE $A_INSE[192] [36]...[33] [4]...[1]

: 00000000 ....... 10010000 ....... 00001010
SPL assignment: .... ....
1st SPL coupling MD $MN_SAFE_RDP_ASSIGN[0] = 001 004
2nd SPL coupling MD $MN_SAFE_RDP_ASSIGN[1] = 033 036

Direction of transfer
Bit 15 Bit 0 Bit 15 Bit 0
F net data filter:
11110000 00000000 00000000 00001111
1st SPL coupling MD $MN_SAFE_RDP_FILTER[0] = 000FH Sub--slot Sub--slot 1
2nd SPL coupling MD $MN_SAFE_RDP_FILTER[1] = F000H 2

F net data signals of F_RECVDP:

MD $MN_SAFE_RDP_ID[0] = 1000D
MD $MN_SAFE_RDP_LADDR[0] = 298D Bit15 .... .... Bit0
10010000 00001010

Figure 7-30 F net data transfer F_RECVDP

MD13347 $MN_SAFE_RDP_FILTER
F net data filter
If, on the receiver side, only individual F data signals of the F telegram -- which are
not located one after the other -- are required within the SPL for further processing,
then these can be selected using the F net data filter.
The F net data filter is set using machine data $MN_SAFE_RDP_FILTER[0...m].
Example for NCK parameterization (see Page 7-260)
From the F net data signals of the F telegram, via the F net data filter of the 1st
SPL connection (sub--slot 1), bits 0 to 3 are selected and via the F net data filter of
the 2nd SPL connection (sub--slot 2) bits 12 to 15 are selected. The selected F net
data signals are available as seamless bit field without any gaps (in the example,
with length 4) at the output of the particular F net data filter.

MD13346 $MN_SAFE_RDP_ASSIGN
SPL assignment
For the SPL assignment, the F net data signals selected using the F net data filter
are assigned to the SPL inputs ($A_INSE) as seamless bit field (without any gaps).
The SPL assignment is set using MD $MN_SAFE_SDP_ASSIGN[0...m].

© Siemens AG 2015 All Rights Reserved

7-262 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

The SPL--SGE area is specified in the decimal notation in the format:

$MN_SAFE_RDP_ASSIGN[n] = aaa bbb with
aaa: Area limit 1, SPL--SGE $A_INSE[aaa]
bbb: Area limit 2, SPL--SGE $A_INSE[bbb]
The following conditions should be observed when specifying the area limit:
S all area data is valid: (aaa > bbb), (aaa < bbb), (aaa = bbb)
S |(aaa -- bbb)| ≤ 16
In case of an error, Alarm 27301 ”F_DP: MD %1[%2]: SPL coupling incorrect” is
output.
S |(aaa -- bbb)| = y
With y = number of F net data signals selected in the MD F net data filter
$MN_SAFE_RDP_FILTER.
In the case of an error, Alarm 27303 ”F_DP: Number of signals in MD %1[%2]
< > MD %3[%4]” is output.
Example for NCK parameterization (see Page 7-260)
The F net data signals, selected in each of the two SPL connections using the F
net data filter, are available at the output of the particular F net data filter as seam-
less bit field (no gaps). The bit field of the 1st SPL connection is transferred in the
SPL--SGE area $A_INSE[1] to $A_INSE[4] and the bit field of the 2nd SPL con-
nection is transferred in the SPL--SGE area $A_INSE[33] to $A_INSE[36], refer to
diagram 7-30 ”F net data transfer F_RECVDP.
An SPL input may only be occupied by one SPL connection. When allocated a
multiple number of times, Alarm 27302 ”F_DP: Dual allocation MD %1 [%2] --MD
%3 [%4]” is output.

MD13345 $MN_SAFE_RDP_TIMEOUT
Monitoring time
By specifying the monitoring time, the time is specified, within which a new F tele-
gram, designated using the incremental sequence number, must be sent from the
F_SENDDP (sender) to F_RECVDP (receiver).
The monitoring time is set using MD $MN_SAFE_RDP_TIMEOUT[0...m].
Notes and commissioning
When commissioning F_DP communication for the first time, it is recommended
that the monitoring time is initially kept at the default value in order to avoid alarms
caused by the monitoring time being exceeded. After the F_DP communication has
been successfully commissioned, the monitoring time can then be changed to the
required value, e.g. monitoring time ² 5 * F_DP clock cycle of the slower compo-
nent of the SPL connection with F_DP clock cycle =
$MA_SAFE_SRDP_IPO_TIME_RATIO * IPO clock cycle.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-263
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

For more complex PLC user programs, it is possible that the parameterized F DP
clock cycle is either briefly or even permanently exceeded. This is the reason that
for diagnostic purposes, the maximum value of the F_DP clock cycle since the last
time the control booted (powered--up) is displayed in machine data
$MA_INFO_SAFE_SRDP_CYCLE_TIME and in the diagnostics screen ”SI com-
munication”.

MD13340 $MN_SAFE_RDP_ENABLE_MASK
Enable screen form
The individual parameterizing data sets are enabled using the enable screen form.
The enable mask is bit--orientated, i.e. bit 0activates the 1st parameterizing data
set with machine data index 0. If a parameterizing data set is not activated, then
the machine data of the corresponding SPL connection are not evaluated.
The enable screen form is set using MD13340 $MN_SAFE_RDP_ENA-
BLE_MASK.

MD13343 $MN_SAFE_RDP_CONNECTION_NR
Connection number
A parameterizing data set is assigned to an SPL connection using the connection
number. A max. of 16 SPL connections can be parameterized for F_RECVDP. As
a result, the value range for the connection number obtained is: 1, 2, 3, ..., 16.
In the default setting, a parameterizing data set is not assigned to any SPL con-
nection (connection number = 0). Each active parameterizing data set must be
assigned to an SPL connection. In the case of an error, Alarm 27034 ”Parame-
terization of MD %1[%2] invalid” is displayed.
The connection number is, at the same time, also the index to access system
variables of the user interface of the SPL connection. The user interface involves
the following system variables:
Input data
-- $A_FRDP_SUBS[1...n]
-- $A_FRDP_ERR_REAC[1...n]
Output data
-- $A_FRDP_ERROR[1...n]
-- $A_FRDP_SUBS_ON[1...n]
-- $A_FRDP_ACK_REQ[1...n]
-- $A_FRDP_DIAG[1...n]
-- $A_FRDP_SENDMODE[1...n]
The connection number is set using MD $MN_SAFE_RDP_CONNECTION_NR.

© Siemens AG 2015 All Rights Reserved

7-264 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Example:
The 3rd SPL connection should be used.
S $MN_SAFE_RDP_CONNECTION_NR[x] = 3

MD13348 $MN_SAFE_RDP_ERR_REAC
Error response
Machine data $MN_SAFE_RDP_ERR_REAC[1...n] is used to set the default alarm
response, which is initiated when an F_DP communication error occurs. The alarm
response can be dynamically changed by the appropriate user programming via
system variable $A_FRDP_ERR_REAC[1...n].
After programming the error response using the system variable, the value saved
in the machine data is no longer active until the control re--boots.
The significance of the values for the machine data correspond to the values for
the system variable $A_FRDP_ERR_REAC[1...n].

MD13349 $MN_SAFE_RDP_SUBS
Substitute values
MD $MN_SAFE_RDP_SUBS[1...n] is used to set the default substitute values that
are active after the control boots, which are output from an F_RECVDP driver to
the SPL during an F_DP communication error.
In the SPL program, the user can dynamically enter other substitute values by
writing to the system variable $A_FRDP_SUBS[1...n]. The substitute values set in
the machine data are only active again when the control reboots the next time.

Input data F_RECVDP

System variable: Error response, $A_FRDP_ERR_REAC
The response when a communication error occurs is set using the system variable
$A_FRDP_ERR_REAC[1...n]. This means, depending on the actual coupling or as
a function of the plant/system components involved in the SPL connection, the
response to a communication error, caused by an error in the communication path
or by consciously switching one of the plant/system components, can be specified.
The following error responses can be set:
S Alarm 27350 and also STOP D/E
S Alarm 27350
S Alarm 27351 (display only, self--clearing)
S No alarm is displayed.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-265
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

Boundary conditions
1. For a communication error, the following system variables are always set inde-
pendent of the error response set using the system variable
$A_FRDP_ERR_REAC[1...n]:
-- $A_FRDP_ERROR[1...n] = 1
-- $A_FRDP_SUBS_ON[1...n] = 1
-- SPL input values $A_INSE[1...n] = $A_FRDP_SUBS[1...n]
2. When a communication error occurs, the currently programmed error response
is realized. If the error response is changed, it only becomes effective when the
next communication error occurs (in time).
3. Whether STOP D or STOP E is initiated as error response can be parame-
terized using:
-- NCK: $MN_SAFE_SPL_STOP_MODE
-- PLC: DB18.DBX36.1
4. The system variable $A_FRDP_ERR_REAC[1...n] is a part of the crosswise
data comparison SPL--CDC.

Note
Until the system variable is programmed for the first time, after the control boots,
the value set using MD $MN_SAFE_RDP_ERR_REAC is active.

System variable: Substitute values, $A_FRDP_SUBS

Using the system variable $A_FRDP_SUBS[1...n], substitute values are specified,
which, in the case of an error, are output to the SPL input data parameterized
using machine data $MN_SAFE_RDP_ASSIGN. A change to the substitute values
only becomes effective in the next F_DP clock cycle -- also during an error.
The system variable $A_FRDP_SUBS[1...n] is a part of the crosswise data com-
parison SPL--CDC.

Note
Until the system variables are programmed for the first time, after the control
boots, the values defined using MD $MN_SAFE_RDP_SUBS[1...n] are active.

System variable: User acknowledgment, interface signal:

DB18.FRDP_ACK_Rei and channel_1 reset
A user acknowledgment is always required after a communication error detected
by F_RECVDP (system variable $A_FRDP_ERROR = 1). Once the cause of the
error has been removed and F_SENDDP and F_RECVDP are again in cyclic com-
munication, F_RECVDP sets the request for user acknowledgment via the system
variable $A_FRDP_ACK_REI = 1.

© Siemens AG 2015 All Rights Reserved

7-266 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

A user acknowledgment can be realized as follows:

S PLC: Interface signal DB18.FRDP_ACK_REI
S NCK: Channel_1 reset
Driver--specific interface signal: DB18.FRDP_ACK_REI
The user acknowledgment is realized with a 0/1 change of the interface signal
level. The interface signal must either be set or reset by the PLC user program.
The applies to all F_RECVDP drivers.
The driver--specific interface signals are single--channel signals and are therefore
not part of the crosswise data comparison SPL--CDC.

Note
The user acknowledgment via the interface signal only refers to acknowledging a
communication error. If an alarm is initiated when a communication error is
detected, this is not acknowledged, and neither the alarm nor the stop responses
are reset.

Channel_1 reset
The user acknowledgment is internally realized in the system by initiating the
channel_1 reset by pressing the reset key on the machine control panel
The interface signal is a single--channel signal and is therefore not part of the
crosswise data comparison SPL--CDC.

Note
If an alarm is initiated when a communication error is detected, the alarm is
acknowledged, and the alarm and stop responses are reset.

Output data F_RECVDP

System variable: Error signal, $A_FRDP_ERROR
System variable $A_FRDP_ERROR[1...n] is used to indicate that there is a com-
munication error. The specific cause, determined by F_RECVDP, is communicated
using the diagnostics data (system variable $A_FRDP_DIAG[1...n]).
System variable $A_FRDP_ERROR[1...n] is cyclically compared with the corre-
sponding PLC variables FRDP[1...n].ERROR. If unequal, there is a system error
and Alarm 27355 ”F_DP: %1 communication, connection %2 reports a system
error %3 (%4)” is output.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-267
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

System variable: Substitute value signal, $A_FRDP_SUBS_ON

System variable $A_FRDP_SUBS_ON[1...n] is used to signal that the substitute
values, specified using the system variable $A_FRDP_SUBS[1...n] should be
output to the SPL inputs $A_INSE[1...n].
System variable $A_FRDP_SUBS_ON[1...n] is cyclically compared with the
corresponding PLC variables FRDP[1...n].SUBS_ON. If unequal, there is a system
error and this is displayed using Alarm 27355 ”F_DP: %1 communication, connec-
tion %2 reports a system error %3 (%4)”.
System variable: Request signal for user acknowledgment,
$A_FRDP_ACK_REQ
System variable $A_FRDP_ACK_REQ[1...n] is used to signal that after a commu-
nication error, cyclic F telegrams are again being exchanged, but in order to
acknowledge the error and to output the process values, a user acknowledgment is
still required via the interface signal DB18.FRDP_ACK_REI or Channel_1 reset.
System variable $A_FRDP_ACK_REQ[1...n] is cyclically compared with the cor-
responding PLC variables FRDP[1...n].ACK_REQ. If unequal, there is a system
error and this is displayed using Alarm 27355 ”F_DP: %1 communication, connec-
tion %2 reports a system error %3 (%4)”.
System variable: Diagnostics data, $A_FRDP_DIAG
System variable $A_FRDP_DIAG[1...n] is used to signal the cause of the commu-
nication error determined by F_RECVDP.
System variable $A_FRDP_DIAG[1...n] is not cyclically compared with the corre-
sponding PLC variable FRDP[1...n].DIAG.
System variable: Safety operation, $A_FRDP_SENDMODE
System variable $A_FRDP_SENDMODE[1...n] displays the actual operating mode
of the F--CPU of the sender (F_SENDDP). If the F--CPU is in the deactivated
safety mode, then this is signaled to the receiver in the F telegram. The receiver
then sets $A_FRDP_SENDMODE[1...n] = 1.
For SINUMERIK 840D sl, the deactivated safety mode corresponds to the
SPL--commissioning mode ($MN_PREVENT_SYNACT_LOCK = 0 or
DB18DBX36.0 = 0).
System variable $A_FRDP_SENDMODE[1...n] is cyclically compared with the cor-
responding PLC variables FRDP[1...n].SENDMODE. If unequal, there is a system
error and this is displayed using Alarm 27355 ”F_DP: %1 communication, connec-
tion %2 reports a system error %3 (%4)”.

© Siemens AG 2015 All Rights Reserved

7-268 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Comparison, NCK system variable / PLC variable

NCK system variable PLC variable DB 18

Inputs
$A_FRDP_SUBS[1...n] FRDP[1...3].SUBS[0...15] or
FRDP_HF[4..16].SUBS[0..15]
$A_FRDP_ERR_REAC[1...n] FRDP[1...3].ERR_REAC or
FRDP_HF[4..16].ERR_REAC
---- FRDP[1...3].ACK_REI or
FRDP_HF[4..16].ACK_REI
Outputs
$A_FRDP_ERROR[1...n] FRDP[1...3].ERROR or
FRDP_HF[4..16].ERROR
$A_FRDP_SUBS_ON[1...n] FRDP[1...3].SUBS_ON or
FRDP_HF[4..16].SUBS_ON
$A_FRDP_ACK_REQ[1...n] FRDP[1...3].ACK_REQ or
FRDP_HF[4..16].ACK_REQ
$A_FRDP_SENDMODE[1...n] FRDP[1...3].SENDMODE or
FRDP_HF[4..16].SENDMODE
$A_FRDP_DIAG[1...n] FRDP[1...3].DIAG or FRDP_HF[4..16].DIAG
$A_INSE SPL_DATA.INSEP[1...64] or SPL_DATA.IN-
SEP_HF[65..192]
---- FRDP[1...3].RETVAL14 or
FRDP_HF[4..16].RETVAL14
---- FRDP[1...3].RETVAL15 or
FRDP_HF[4..16].RETVAL15

7.4.4 Mapping the SIMATIC blocks

The parameters of the F_SENDDP and F_RCVDP blocks to be programmed in a

SIMATIC--F--CPU and their corresponding mapping for SINUMERIK 840D sl are
shown in the following:

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-269
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

F_SENDDP

Table 7-3 F_SENDDP

SIMATIC block parameter SINUMERIK

F_SENDDP (FB223) Parameter
Inputs SD_BO_00 $A_OUTSE[x] 1)
... ...
SD_BO_15 $A_OUTSE[y] 1)
SD_I_00 -- -- -- 2)
SD_I_01 -- -- -- 2)
DP_DP_ID $MN_SAFE_SDP_ID
TIMEOUT $MN_SAFE_SDP_TIMEOUT
LADDR $MN_SAFE_SDP_LADDR
Outputs ERROR $A_FSDP_ERROR
SUBS_ON $A_FSDP_SUBS_ON
RETVAL 14 Alarm27354 3)
RETVAL 15 Alarm27354 3)
DIAG $A_FSDP_DIAG
1) Assignment of the corresponding assign and filter machine data of the SPL connection.
2) Transfer of integer values has not been implemented. Value in the F telegram always 0.
3) Description of the SFC(%3) under error code (%4), see Step7, online help

F_RECVDP

Table 7-4 F_RECVDP

SIMATIC SINUMERIK
Block parameter Parameter
F_RCVDP (FB224)
ACK_REI DB18.FRDP_ACK_REI
Inputs SUBBO_00 $MN_SAFE_RDP_SUBS/$A_FRDP_SUBS, bit 0
... ...
SUBBO_15 $MN_SAFE_RDP_SUBS/$A_FRDP_SUBS, bit 15
SUBI_00 -- -- -- 1)
SUBI_01 -- -- -- 1)
DP_DP_ID $MN_SAFE_SRP_ID
TIMEOUT $MN_SAFE_SRP_TIMEOUT
LADDR $MN_SAFE_SRP_LADDR
Outputs ERROR $A_FRDP_ERROR
SUBS_ON $A_FRDP_SUBS_ON
ACK_REQ $A_FRDP_ACK_REQ

© Siemens AG 2015 All Rights Reserved

7-270 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

Table 7-4 F_RECVDP, continued

SIMATIC SINUMERIK
Block parameter Parameter
F_RCVDP (FB224)
SENDMODE $A_FRDP_SENDMODE
RD_BO_00 $A_INSE[x] 2)
... ...
RD_BO_15 $A_INSE[y] 2)
RD_I_00 -- -- -- 3)
RD_I_0I -- -- -- 3)
RETVAL 14 Alarm27354 4)
RETVAL 15 Alarm27354 4)
DIAG $A_FRDP_DIAG
1) Transfer of integer values has not been implemented. Substitute values not required for
integer values.
2) Assignment of the corresponding assign and filter machine data of the SPL connection.
3) Transfer of integer values has not been implemented. The value possibly transferred
from an F--CPU in the F telegram is not made available to the user.
4) Description of the SFC(%3) under error code (%4), see Step7, online help

7.4.5 Parameterizing the PLC

Communication error when the control boots before SPL processing starts
When booting, user interface DB 18 is initialized with the boot substitute values
and the boot error response from the NCK machine data. The values are valid and
are effective when a communication error occurs as long as they are not over-
written with other values from the SPL (see also Chapter 7.4.10).
Initializing when booting:
FSDP[1..n].ERR_REAC = $MN_SAFE_SDP_ERR_REAC[0...n--1]
FRDP[1..n].SUBS[0..15] = $MN_SAFE_RDP_SUBS
FRDP[1..n].ERR_REAC = $MN_SAFE_RDP_ERR_REAC

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-271
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

7.4.6 Clock cycle setting of the F_DP communication

MD $MN_SAFE_SRDP_IPO_TIME_RATIO can be used to set a reduction ratio to

the IPO clock cycle on the NCK side, this defines the time grid F_DP in which
communication takes place between the NCK and PLC (F_DP clock cycle). This
means that it is indirectly possible to optimize the utilization of the PLC using the
F_DP communication.
The following supplementary conditions apply:
S The maximum value of the F_DP clock cycle exceeded
The upper value of the F_DP clock cycle is actively limited. A parameterized
error (F_DP_clock cycle > 250 ms) results in Alarm 27300: ”F_DP: Cycle time
%1 [ms] is too long”.
S Response when OB40 clock cycle is > F_DP clock cycle
If the F_DP clock cycle is exceeded, then Alarm 27352 ”F_DP: Communication
error %1, error %2” is not immediately output, but up to a maximum limit value
of 500 ms, an attempt is made to restart the OB40 coupling. In this case, the
IPO clock cycle is used as call cycle and no longer the F_DP clock cycle.
After the 500 ms limit has been exceeded, the alarm mentioned above is output
and the configured stop response (STOP D or E) is initiated. F_DP communica-
tion processing is stopped. The F_RECVDP drivers output fail--safe values (0)
as F net data.
S Displaying the maximum F_DP clock cycle
The maximum F_DP clock cycle that occurs is displayed in MD
$MN_INFO_SAFE_SRDP_CYCLE_TIME.
S Parameterizing error of the F_DP clock cycle
The lower value of the F_DP clock cycle is not actively limited. When setting
the F_DP clock cycle, the PLC--CPU performance should always be taken into
consideration.
When parameterizing an F_DP cycle that is too low, Alarm 27353: ”F_DP:
Actual cycle time %1 [ms] > parameterized cycle time” is output specifying the
currently effective F_DP clock cycle.
The criterion for an F_DP clock cycle that is set too low is that the parame-
terized F_DP clock cycle was exceeded 100 times one after the other.

7.4.7 Response times of the F_DP communication

The response times listed here refer exclusively to the internal processing of the
signals by the F_DP communication layer. The following apply:
S T(FRDP --> DB18) or T(FRDP --> SPL--INSE)
The transfer time from the input area of the F_RECVDP module to the input
interface of the PLC--SPL or NCK--SPL
S T(DB18 --> FSDP) or T(SPL--OUTSE --> FSDP)
The transfer time from the output interface of the PLC--SPL or NCK--SPL to the
output area of the F_SENDDP.

© Siemens AG 2015 All Rights Reserved

7-272 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

S T(FRDP --> FSDP)

Sum of the transfer times from:
-- T(FRDP --> DB18) or T(FRDP --> SPL--INSE)
-- Processing time by the user--specific SPL program.
-- T(DB18 --> FSDP) or T(SPL--OUTSE --> FSDP)
The following applies for the subsequent tables of the PLC and NCK processing
times:
S Values in italics can increase by up to 500 ms due to delays in the communica-
tion path between the NCK and PLC.
S F_DP clock cycle: 500 ms is the permanently implemented maximum time to
detect error--free communications between the NCK and PLC. A STOP
response (STOP D/E) is initiated if this time is exceeded. The maximum F_DP
clock cycle that has occurred is displayed in MD10091
$MN_INFO_SAFE_SRDP_CYCLE_TIME.
S OB1 clock cycle: 150 ms is the maximum time set as standard in the PLC--CPU
to monitor the user level. The PLC goes into the STOP state if this time is
exceeded.
S IPO: IPO clock cycle is formed from MD10050 basic system clock cycle and
MD10070 interpolator clock cycle.
S 0...m * IPO clock cycle: This time component only becomes applicable if delays
are incurred on the PLC side. In this case, in each subsequent IPO clock cycle,
it is determined as to whether the PLC is ready to communicate again.
S OB40_INT is the maximum permissible time to initiate the interrupt on the NCK
side up to execution of the PROFIsafe software and a ready signal to the NCK.
The time is mainly determined by the run time (propagation time) of the F driver
implementation on the PLC side and the PLC user program to be run--through
in the OB40 context. These times typically lie in the vicinity of a few milli-
seconds.
S The error response for system errors (see Alarm 27355) and F_DP communica-
tion errors: Sequence Number and CRC (see alarm 27350 / 27351 SN and
CRC) is realized in the F_DP clock cycle in which the error is identified.
S The error response for F_DP communication error TIMEOUT (see Alarm 27350
and 27351 TO) is realized in the F_DP clock cycle in which the parameterized
timeout (FSDP: MD13335 $MN_SAFE_SDP_TIMEOUT, FRDP: MD13345
$MN_SAFE_RDP_TIMEOUT) is exceeded.
S The specified maximum times are theoretical values; it is extremely improbable
that they actually occur in practice.
Reason:
-- It is improbable that the run time of the PLC--F driver is delayed -- in the
OB40 context -- by the maximum time of 500 ms. The reason for this is that
the interrupting organizational blocks (OB8x) only have such long run times
in extremely few cases.
-- For the theoretical value, it would be necessary that two consecutive runs of
the PLC--F_DP layer in the OB40 context are delayed by the permitted
maximum of 500 ms -- this is extremely improbable.
-- The maximum time of 150 ms for the user program is not reached in any of
the applications relevant in practice.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-273
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

PLC processing times

Times:T(FRDP --> DB18)

Formula 2 * F_DP clock cycle + 1 * OB1
Maximum times 2 * 500 ms + 1 * 150 ms 1150 ms
Typical times 1) 2 * 80 ms + 1 * 30 ms 190 ms
Times: T(DB18 --> FSDP)
Formula 2 * F_DP clock cycle + 1 * OB1
Maximum times 2 * 500 ms + 1 * 150 ms 1150 ms
Typical times 1) 2 * 80 ms + 1 * 30 ms 190 ms
Times: T(FRDP --> FSDP)
Formula 4 * F_DP clock cycle + 2 * OB1
Maximum times 4 * 500 ms + 2 * 150 ms 2300 ms
Typical times 1) 4 * 80 ms + 2 * 30 ms 380 ms
F_DP clock cycle = n * IPO; with n = 1, 2, 3, ...
1) Typical times: IPO = 8 ms; n = 10 => F_DP clock cycle = 80 ms; OB1 = 30 ms

NCK processing times (F_DP clock cycle <= 2 * IPO)

Times: T(FRDP --> SPL--INSE)

Formula 2 * F_DP clock cycle + 1 * OB1
Maximum times 2 * 500 ms + 1 * 8 ms 1008 ms
Typical times 1) 2 * 16 ms + 1 * 8 ms 40 ms
Times: T(SPL--OUTSE --> FSDP)
Formula IPO + (0...m) * IPO + OB40_INT
Maximum times 8 ms + 500 ms + 50 ms 558 ms
Typical times 1) 8 ms + 2 ms 10 ms
Times: T(FRDP --> FSDP)
Formula 2 * F_DP clock cycle + 2 * IPO + (0...m) * IPO + OB40_INT
Maximum times 2 * 500 ms + 2 * 8 ms + 500 ms + 50 ms 1566 ms
Typical times 1) 2 * 16 ms + 2 * 8 ms + 2 ms 50 ms
F_DP clock cycle = n * IPO; with n = 1, 2, 3, ...
1) Typical times: IPO = 8 ms; n = 10 => F_DP clock cycle = 80 ms; OB40_INT = 2 ms ... 50 ms (maximum)

© Siemens AG 2015 All Rights Reserved

7-274 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

NCK processing times (F_DP clock cycle > 2 * IPO)

Times: T(FRDP --> SPL--INSE)

Formula 2 * F_DP clock cycle + 1 * OB1
Maximum times 2 * 500 ms + 1 * 8 ms 1008 ms
Typical times 1) 2 * 80 ms + 1 * 8 ms 168 ms
Times: T(SPL--OUTSE --> FSDP)
Formula IPO + (n -- 2) * IPO + (0...m) * IPO + OB40_INT
Maximum times 8 ms + 8 * 8 ms + 500 ms + 50 ms 622 ms
Typical times 1) 8 ms + 8 * 8 ms + 2 ms 74 ms
Times: T(FRDP --> FSDP)
Formula 2 * F_DP clock cycle + F_DP clock cycle + (0...m) * IPO + OB40_INT
Maximum times 2 * 500 ms + 80 ms + 500 ms + 50 ms 1630 ms
Typical times 1) 2 * 80 ms + 80 ms + 2 ms 242 ms
F_DP clock cycle = n * IPO; with n = 1, 2, 3, ...
1) Typical times: IPO = 8 ms; n = 10 => F_DP clock cycle = 80 ms; OB40_INT = 2 ms ... 50 ms (maximum)

7.4.8 Boot behavior of the F_DP communication

When the control boots, then the F_DP communication, i.e. the F_DP communica-
tion relationships of all parameterized SPL connections (F_SENDDP and
F_RECVDP) automatically boot and establish cyclic F communication with their
particular communication partner.
The boot state of the F_DP communication is represented in the output data of the
user interface (DB18) as follows:
S F_SENDDP (NCK)
-- $A_FSDP_ERROR[1...n] = 0
-- $A_FSDP_DIAG[1...n] = 0
-- $A_FSDP_SUBS_ON[1...n] = 1
S F_SENDDP (PLC)
-- FSDP[1..3] bzw. FSDP_HF[4..16]
-- .ERROR = FALSE
-- .SUBS_ON = TRUE
-- .DIAG = 0
-- .RETVAL14 = 0
-- .RETVAL15 = 0
S F_RECVDP (NCK)
-- $A_FRDP_ERROR[1...n] = 0
-- $A_FRDP_DIAG[1...n] = 0
-- $A_FRDP_SUBS_ON[1...n] = 1
-- $A_FRDP_ACK_REQ[1...n] = 0
-- $A_FRDP_SENDMODE[1...n] = 0

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-275
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

S F_RECVDP (PLC)
-- FRDP[1..3] bzw. FRDP_HF[4..16]
-- .ERROR = FALSE
-- .SUBS_ON = TRUE
-- .ACK_REQ = FALSE
-- .SENDMODE = FALSE
-- .DIAG = 0
-- .RETVAL14 = 0
-- .RETVAL15 = 0
As long as an F_DP communication relationship is still not in cyclic F communica-
tion, the substitute values $MN_SAFE_RDP_SUBS[1..3] and FRDP[1..3].SUBS or
FRDP_HF[4..16].SUBS are output to the SPL inputs $A_INSE / SPL_DATA.IN-
SEP:
S $A_INSE = $A_FRDP_SUBS / SPL_DATA.INSEP[x...y] =
FRDP[1...n].SUBS[0...15]

Note
From the F_DP communication side, there is no time limit when waiting for the
communication partner. Limiting the waiting time with a response when exceeded,
must be implemented in the application itself.

After an error--free boot, the cyclic F communication is represented in the output

data of the user interface as follows:
S F_SENDDP (NCK)
-- $A_FSDP_ERROR[1...n] = 0
-- $A_FSDP_DIAG[1...n] = 0
-- $A_FSDP_SUBS_ON[1...n] = 0
S F_SENDDP (PLC)
-- FSDP[1...3] or FSDP_HF[4..16]
-- .ERROR = FALSE
-- .SUBS_ON = FALSE
-- .DIAG = 0
-- .RETVAL14 = 0
-- .RETVAL15 = 0
S F_RECVDP (NCK)
-- $A_FRDP_ERROR[1...n] = 0
-- $A_FRDP_DIAG[1...n] = 0
-- $A_FRDP_SUBS_ON[1...n] = 0
-- $A_FRDP_ACK_REQ[1...n] = 0
-- $A_FRDP_SENDMODE[1...n] = X (value corresponding to the received F
telegram)
S F_RECVDP (PLC)
-- FRDP[1...3] or FRDP_HF[4..16]
-- .ERROR = FALSE
-- .SUBS_ON = FALSE
-- .ACK_REQ = FALSE
-- .SENDMODE = X (value corresponding to the received F telegram)

© Siemens AG 2015 All Rights Reserved

7-276 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

-- .DIAG= 0
-- .RETVAL14 = 0
-- .RETVAL15 = 0
When cyclic F communication is established, the process values received by
F_SENDDP are output at the SPL inputs SPL inputs $A_INSE / SPL_DATA.IN-
SEP.
S $A_INSE / SPL_DATA.INSEP[x...y] = process values

Note
User acknowledgment is not required for the transition from booting into cyclic F
communication.

7.4.9 Communication error after the control boots and active SPL
processing

After a communication error has been detected, F_RECVDP outputs the substitute
values $A_FRDP_SUBS / FRDP[1..3].SUBS or FRDP_HF[4...16] programmed in
the user program to the SPL inputs ($A_INSE / SPL_DATA.INSEP).
F_SENDDP and F_RECVDP initiate the error response $A_FSDP/
FRDP_ERR_REAC (PLC: FSDP/FRDP[1..3].ERR_REAC) or FRDP_HF[4...16].
F_SENDDP and F_RECVDP immediately attempt to resume cyclic F_DP commu-
nication.

Note
There is no time limit when waiting for the communication partner.

The error state of the F_DP communication is represented as follows in the output
data of the user interface:
S F_SENDDP (NCK)
-- $A_FSDP_ERROR[1...n] = 1
-- $A_FSDP_DIAG[1...n] = X (value corresponding to the detected communi-
cation error)
-- $A_FSDP_SUBS_ON[1...n] = 1

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-277
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

S F_SENDDP (PLC)
-- FSDP[1...3] or FSDP_HF[4..16]
-- .ERROR = TRUE
-- .SUBS_ON = TRUE
-- .DIAG = X (value corresponding to the identified communication error)
-- .RETVAL14 = X (value not equal to 0 if the error was detected by SFC)
-- .RETVAL15 = X (value not equal to 0 if the error was detected by SFC)
S F_RECVDP (NCK)
-- $A_FRDP_ERROR[1...n] = 1
-- $A_FRDP_DIAG[1...n] = X (value corresponding to the identified communi-
cation error)
-- $A_FRDP_SUBS_ON[1...n] = 1
-- $A_FRDP_ACK_REQ[1...n] = 0
-- $A_FRDP_SENDMODE[1...n] = X (value corresponding to the last valid F
telegram)
-- $A_INSE = $A_FRDP_SUBS
S F_RECVDP (PLC)
-- FRDP[1...3] or FRDP_HF[4..16]
-- .ERROR = TRUE
-- .SUBS_ON = TRUE
-- .ACK_REQ = FALSE
-- .SENDMODE = X (value corresponds to the last valid F telegram)
-- .DIAG = X (value corresponding to the detected communication error)
-- .RETVAL14 = X (value not equal to 0 if the error was detected by SFC)
-- .RETVAL15 = X (value not equal to 0 if the error was detected by SFC)
SPL_DATA.INSEP[x...y] = FRDP[1...].SUBS or FRDP_HF[4...16].SUBS
If the F_DP communication relationship resumes error--free cyclic operation, then it
sets the request that the user explicitly acknowledges the communication error
using $A_FRDP_ACK_REQ = 1 (PLC: FRDP[1...3] or FRDP_HF[4..16].ACK_REQ
= TRUE). Substitute values are still output as long as the user acknowledgment
has not been given. The user acknowledges the request using
DB18.FRDP_ACK_REI = 1 (PLC: FRDP[1...n].ACK_REI = TRUE) or Channel_1
reset.
The wait state for the user acknowledgment is represented in the output data of
the user interface as follows:
S F_SENDDP (NCK)
-- $A_FSDP_ERROR[1...n] = 1
-- $A_FSDP_DIAG[1...n] = X (value corresponding to the detected communi-
cation error)
-- $A_FSDP_SUBS_ON[1...n] = 1
S F_SENDDP (PLC)
-- FSDP[1...3] or FSDP_HF[4..16]
-- .ERROR = TRUE
-- .SUBS_ON = TRUE
-- .DIAG = X (value corresponding to the detected communication error)
-- .RETVAL14 = 0
-- .RETVAL15 = 0

© Siemens AG 2015 All Rights Reserved

7-278 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

S F_RECVDP (NCK)
-- $A_FRDP_ERROR[1...n] = 1
-- $A_FRDP_DIAG[1...n] = X (value corresponding to the identified communi-
cation error)
-- $A_FRDP_SUBS_ON[1...n] = 1
-- $A_FRDP_ACK_REQ[1...n] = 1
-- $A_FRDP_SENDMODE[1...n] = X (value corresponding to the last valid F
telegram)
-- $A_INSE = $A_FRDP_SUBS
S F_RECVDP (PLC)
-- FRDP[1...3] or FRDP_HF[4..16]
-- .ERROR = TRUE
-- .SUBS_ON = TRUE
-- .ACK_REQ = TRUE
-- .SENDMODE = X (value corresponding to the received F telegram)
-- .DIAG = X (value corresponding to the detected communication error)
-- .RETVAL14 = 0
-- .RETVAL15 = 0
SPL_DATA.INSEP[x...y] = FRDP[1...3].SUBS or FRDP_HF[4..16].SUBS

Note
After an F_DP communication error, to enable F_DP communication, a user
acknowledgment using the interface signal DB18.FRDP_ACK_REI is sufficient.
If, in addition to the F_DP communication, pending alarms with NCK responses --
and possibly Stop D/E -- are to be reset, then the user acknowledgment must be
realized using a channel_1 reset.

After the user acknowledgment has been given, the F_DP communication is repre-
sented in the output data of the user interface as follows:
S F_SENDDP (NCK)
-- $A_FSDP_ERROR[1...n] = 0
-- $A_FSDP_DIAG[1...n] = 0
-- $A_FSDP_SUBS_ON[1...n] = 0
S F_SENDDP (PLC)
-- FSDP[1...3] or FSDP_HF[4..16]
-- .ERROR = FALSE
-- .SUBS_ON = FALSE
-- .DIAG = 0
-- .RETVAL14 = 0
-- .RETVAL15 = 0
S F_RECVDP (NCK)
-- $A_FRDP_ERROR[1...n] = 0
-- $A_FRDP_DIAG[1...n] = 0
-- $A_FRDP_SUBS_ON[1...n] = 0
-- $A_FRDP_ACK_REQ[1...n] = 0
-- $A_FRDP_SENDMODE[1...n] = X (value corresponding to the F telegram)
-- $A_INSE = process values

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-279
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

S F_RECVDP (PLC)
-- FRDP[1...3] or FRDP_HF[4..16]
-- .ERROR = FALSE
-- .SUBS_ON = FALSE
-- .ACK_REQ = FALSE
-- .SENDMODE = X (value corresponding to the received F telegram)
-- .DIAG = 0
-- .RETVAL14 = 0
-- RETVAL15 = 0

Note
If a DP slave is switched off using F_SENDDP / F_RECVDP with communication
active, then among other things, the PLC signals the Alarms 400551/400552
”MPI/DP bus error”. The alarms are not issued if, before the DP slave is switched
off, this is specifically deactivated by calling SFC12 [D_ACT_DP].

7.4.10 Communication error when the control boots before SPL

processing starts

When booting, the user interface (DB18) is initialized with the boot substitute
values and the boot error response from the NCK machine data. The values are
valid and are effective for communication error as long as they are not overwritten
with values from the SPL.
Initializing when booting:
FRDP[1...3] or FSDP_HF[4..16].ERR_REAC = $MN_SAFE_SDP_ERR_REAC
FRDP[1...3] or FRDP_HF[4..16].SUBS[0..15] = $MN_SAFE_RDP_SUBS
FRDP[1...3] or FRDP_HF[4..16].ERR_REAC = $MN_SAFE_RDP_ERR_REAC

7.4.11 Acknowledging a communication error with channel_1 reset

If, due to a communication error, an alarm with NCK responses and possibly a
STOP D/E initiated, then the user acknowledgment must be realized using a
channel_1 reset in order that the alarms are cleared and the alarm responses
reset. If the channel_1 reset is initiated before setting the request for the user
acknowledgment $A_FRDP_ACK_REQ, then the NCK responses are reset within
the scope of the reset processing. As a result of the communication error that is
still present, the alarm is again initiated in the next F_DP clock cycle and the NCK
responses are reactivated.

© Siemens AG 2015 All Rights Reserved

7-280 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

If the error response (STOP D/E), programmed when a communication error

occurs, prevents e.g. moving plant/systems into a suitable position required to
continue operation in a production plant or system, then the error response must
be re--programmed before acknowledging the NCK responses using a channel_1
reset.
Example
1. The currently programmed error response is $A_FRDP_ERR_REAC = 0
(Alarm 27350 + STOP D/E).
2. A communication error is identified and the responses Alarm 27350 + STOP
D/E initiated.
3. In order that the plant can continue to produce, the component involved should
be manually moved into a suitable position. To do this, error response
$A_FRDP_ERR_REAC must be set to 3 (no Alarm) in the user program and
then a channel_1 reset must be initiated. The alarms are then cleared and the
NCK responses reset.
4. The error response is initiated again as the communication error is still present
after the channel_1 reset. Due to the fact that the error response was re--pro-
grammed, an alarm is not initiated and no NCK interlocks due to STOP D/E are
effective. This means that the plant components can be moved.

7.4.12 F_DP communication for a system error

There is a system error, if incorrect behavior (inappropriate response) is detected,

which is not caused by a communication error described in the F_DP protocol, but
was only the result of incorrect behavior (malfunction) of the system software or
hardware.
Driver--specific system errors:
S Asynchronous fault state (StateFault)
The NCK or PLC--F_DP driver is in the fault/error state while the F_DP of the
2nd channel is not in a fault state.
=> Alarm 27355
S Sign--of--life monitoring (LifeSign)
The NCK or PLC--F_DP driver has not updated its sign--of--life.
=> Alarm 27355
S Discrepancies in the F telegram data (TelegramDiscrepancy)
NCK and PLC--F_DP drivers cyclically generate an F telegram with diversity
through 2 channels. The two F telegrams are compared before compiling the
F telegram to be sent. A discrepancy in the telegram data was identified in this
comparison.
=> Alarm 27355

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-281
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

S Discrepancies in the output data (OutputdataDiscrepancy)

The F_DP drivers indicate their particular state using various output data. At the
end of each F_DP clock cycle, the NCK and PLC status data are compared and
they must match.
=> Alarm 27355
The following output data are compared:
F_SENDDP (NCK)
-- $A_FSDP_ERROR[1...n]
-- $A_FSDP_SUBS_ON[1...n]
F_SENDDP (PLC)
-- FSDP[1..3] or FSDP_HF[4..16].ERROR
-- FSDP[1..3] or FSDP_HF[4..16].SUBS_ON
F_RECVDP(NCK)
-- $A_FRDP_ERROR[1...n]
-- $A_FRDP_SUBS_ON[1...n]
-- $A_FRDP_ACK_REQ[1...n]
-- $A_FRDP_SENDMODE[1...n]
F_RECVDP(PLC)
-- FRDP[1..3] or FRDP_HF[4..16].ERROR
-- FRDP[1..3] or FRDP_HF[4..16].SUBS_ON
-- FRDP[1..3] or FRDP_HF[4..16].ACK_REQ
-- FRDP[1..3] or FRDP_HF[4..16].SENDMODE
F_DP communication--specific system error
S The SPL input/output data are not updated (SPL I/O--communication)
Data exchange between the SPL and the F_DP drivers is interrupted.
=> Alarm 27355
S No longer any communications between the NCK and PLC
The PLC was not able to process the OB40 request for F_DP communication
within the maximum monitoring time of 500 ms.
=> Alarm 27355
Depending on the particular error, the cyclic processing of the F_DP driver (driver--
specific system error) or the complete F_DP communication (F_DP communica-
tion--specific system error) is stopped and the relevant alarm is displayed. With the
alarm, the NC start is locked and Stop D/E initiated.
Behavior regarding SPL:
Stopped F_RECVDP drivers output fail--safe values (0) as F net data towards the
SPL.
Behavior regarding communication partners:
Stopped F_DP drivers no longer generate any F telegrams. At the latest after the
configured timeout time, the communication partners detect the F_DP communica-
tion failure and go into the safe state corresponding to the specified profile.

© Siemens AG 2015 All Rights Reserved

7-282 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

7.4.13 NCK/PLC data exchange

Cyclic F_DP data transfer

After evaluating the machine data of the F_DP communication through the NCK
and PLC--F_DP layer and initializing the parameterized F_SENDDP and
F_RECVDP drivers, cyclic operation of both F_DP layers is started.
From this instant in time onwards, the NCK initiates an OB40 alarm on the PLC in
the set F_DP clock cycle (multiple of the IPO clock cycle, set via MD
$MN_SAFE_SRDP_IPO_TIME_RATIO). The basic program software on the PLC
side for F_DP communication is then run.
If, when attempting to issue an OB40 request to the PLC, it is identified that the
previous request has still not been executed, then no new request is issued in this
F_DP clock cycle. An OB40 request is only issued to the PLC, if the PLC has
enabled the interface, i.e. after acknowledging the previous request.
From the first unsuccessful attempt, attempts to issue a new OB40 request to the
PLC are no longer realized in the F_DP clock cycle but in the IPO clock cycle, so
that a communication error (timeout) does not occur as a result of the delay on the
side of the external F--CPU.
If an OB40 request from the PLC is not acknowledged up to a max. limit value of
500 ms limit, Alarm 27352 ”F_DP: Communication error %1, Error %2” is output
and the configured stop response (Stop D/E) initiated. F_DP communication
processing is stopped. The F_RECVDP drivers output fail--safe values (0) as F net
data.
After the OB40 has been exited, the PLC returns to the level that was interrupted.
The input image on the PLC side is updated in DB18 after the end of the actual
OB1 cycle. This therefore ensures that the PLC--SPL always processes contiguous
input information from a time perspective.

7.4.14 Effects on the SPL

Using the F_DP communication has no effect on existing SPL programs with
reference to the interlocking logic in them. However, a conflict can occur when
assigning SPL inputs, if an SPL input is to be written to from several applications,
e.g. F_RECVDP and PROFIsafe.
The multiple assignment of an SPL input is identified, when booting -- across
applications -- and is displayed using Alarm 27099 ”Double assignment in SPL
assignment MD %1[%2] -- MD %3[%4]”.
The evaluation of the status signals of the SPL connections and changing the
system responses in the case of an error must, if necessary, be additionally
programmed in the SPL.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-283
Connecting Sensors/Actuators 10/15
7.4 Safety--related CPU--CPU communication (F_DP communication)

Warning
! Depending on the application, the user must invert the status signals of an
F_SENDDP--/F_RECVDP connection (e.g. $A_FSDP_ERROR[1...n],
$A_FSDP_SUBS_ON[1...n], $A_FRDP_ERROR[1...n],
$A_FRDP_SUBS_ON[1...n], $A_FRDP_SENDMODE) when further processing in
the SPL. This is done in order to ensure a safe state in the case of incorrect
behavior/response of the PLC or NCK.

Example:
If $A_FRDP_SENDMODE is to be output as safety--related signal from the SPL to
PROFIsafe, then this signal must first be inverted. This is done in order that the
fail--safe value ”0” also corresponds to the safe state, i.e. it has the significance
”deactivated safety mode”.

7.4.15 Functionality of the SPL input/output data

Only the user (machinery construction OEM) defines the functionality of the SPL
input/output data within the scope of the F_DP communication.
The SPL programs of NCK--SPL and PLC--SPL are not executed synchronously
(from a time perspective). Brief differences in the output data of the two SPL
programs (NCK: $A_OUTSE, PLC: $A_OUTSEP) can occur due to the runtime
differences in the SPL programs.
In order that PLC and NCK--F_SENDDP use identical F net data when generating
an F telegram through two channels, the SPL output data are exchanged alternat-
ing between the two channels (PLC: $A_OUTSEP and NCK: $A_OUTSE) in each
F_DP clock cycle and are then AND’ed before the sending. For safety reasons, the
user (machinery construction OEM) must select the functionality of an SPL input/
output data so that the value ”0” corresponds to the safe state of the functionality
represented by this data. Only then can it be absolutely ensured that the appro-
priate function is only activated on CPU2 (F_RECVDP) if the function is activated
in both SPL programs (PLC--SPL and NCK--SPL) of CPU1 (F_SENDDP).

Warning
! For safety reasons, this is the reason that the functionality of an SPL input or
output data is selected so that the value ”0” corresponds to the safe state of the
functionality represented by this data.

© Siemens AG 2015 All Rights Reserved

7-284 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.4 Safety--related CPU--CPU communication (F_DP communication)

The synchronization of the SPL output data described above ensures that if it is
intended to simultaneously change several SPL output data in the SPL program,
then these are also consistently transferred (in time) in the F net data telegram of
the F_SENDDP. If, in a user application, several SPL output data are interpreted
as a contiguous bit pattern, it must therefore be taken into account that inter-
mediate values can briefly occur.
Example:
Three SPL output data are considered to be contiguous. The value is changed
from 101 to 110 in both SPL programs (NCK--SPL and PLC--SPL).
Values transferred from the F_SENDDP in the F net data telegram:

NCK--SPL AND PLC--SPL = F net data telegram

Output value 101 & 101 = 101
Possible intermediate values 110 & 101 = 100
Final value 110 & 110 = 110

Warning
! Due to runtime differences in the NCK--SPL and PLC--SPL, it cannot be
guaranteed that these are sent consistently (in time) by F_SENDDP in the F net
data telegram when several SPL output data are simultaneously changed (NCK:
$A_OUTSE, PLC: $A_OUTSEP).

7.4.16 Boundary conditions

For SINUMERIK 840D sl, the following restrictions apply for the safety--related
CPU--CPU communication to couple plants and systems:
S The 2 integer values, defined in the F net data area of the F telegram, are not
used or not evaluated by the F_SENDDP and F_RECVDP realized for
SINUMERIK.
S Axis specific SGE/SGA cannot be directly coupled to F_SENDDP and
F_RECVDP.
S A maximum of 250 ms can be set for the F_DP clock cycle.
S The F net data are automatically coupled to the SPL interface in data block DB
18 by the basic PLC program. It is not possible to couple them in a PLC user
program.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-285
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

7.5 Safe programmable logic (SPL)

Warning
! Using ”safe programmable logic” (outside the commissioning phase) is only
possible if at least one real axis is operated with enabled and active safety
functionality.

7.5.1 Fundamentals

Function
These signals must be logically combined (interlocked) in a safety--related, freely
programmable form in order to be able to flexibly process safety--related external
process signals and safety--related internal input and output signals. The ”Safe
Programmable Logic” (SPL) handles this task as an integral system component.
Features:
S Logic operations implemented by the user are cyclically processed.
S Instructions are effective in all operating modes.
S The PLC program immediately starts to execute the instructions after the
control has booted.
S The SGE/SGA must be supplied by the machine manufacturer -- both in the
drive monitoring channel as well as in the NCK monitoring channel.
S The NCK--SPL is written as ASUB using the CNC function synchronous
actions. The PLC--SPL is written as PLC user program.
In order to check that the two SPLs (PLC and NCK) are functioning, the system
program arranges cyclic data comparison between the PLC and NCK.

© Siemens AG 2015 All Rights Reserved

7-286 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

SGE SGA
NCK--SPL

Direct connection of a maximum of Max. 192 safety--related

192 safety--related sensors actuators can be connected

Crosswise result and
(e.g.: Mode switch, light (e.g.: Protective door
data comparison
barriers, Emergency Stop,...) interlocking, motor brakes, ...)

PLC--SPL
SGE SGA

Figure 7-31 Safe Programmable Logic

External Internal
SGE/SGA SGE/SGA

NCK signal processing Interface

F--Send/Receive--DP

NCK-- NCK--SGE/ Comparator

PROFIsafe or

SPL SGA
signals Data
Machine
NCK monitoring channel
Comm. SPL-- Axis
CDC CDC CDC

Drive monitoring channel

PROFIsafe or
F--Send/Receive--DP

NC--/PLC Comparator
F_SENDDP/
interface:
F_RECVDP
PROFIsafe or

Bus PLC--
SPL Axis/
Data
spindle DB

PLC signal processing Interface

Process System

Figure 7-32 Integration of SPL into the overall system

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-287
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Crosswise data comparison

Data is cyclically exchanged between the PLC and NCK to check the correct
functioning of the two SPLs (PLC and NCK). Just the same as the comparison
between the NCK and the drive, it cross--checks the signals that arrive at the SPL,
the safety--related signals generated by the SPL as well as internal markers.
The discrepancy time for the crosswise data comparison of SPL variables is per-
manently set to 1 s (or 10 s $A_CMDSI).
The following signals are included in the crosswise data comparison between the
NCK and the PLC:

Table 7-5 Signals for crosswise data comparison

NCK--SPL data Signal image of the PLC data PLC--SPL data (DB18)
$A_INSE[1 ... 64] $A_INSEP[1...64] DBX38.0 ... DBX45.7
$A_OUTSE[1 ... 64] $A_OUTSEP[1...64] DBX46.0 ... DBX53.7
$A_INSI[1 ... 64] $A_INSIP[1...64] DBX54.0 ... DBX61.7
$A_OUTSI[1 ... 64] $A_OUTSIP[1...64] DBX62.0 ... DBX69.7
$A_MARKERSI[1 ... 64] $A_MARKERSIP[1...64] DBX70.0 ... DBX77.7
$A_FSDP_ERR_REAC[1...16] -- DBW190, DBW200, DBW210
DBW448, DBW458, DBW468
--
DBW548, DBW558, DBW568
$A_FRDP_SUBS[1...16] -- DBW220, DBW232, DBW244
DBW578, DBW590, DBW602
--
DBW698, DBW710, DBW722
$A_FRDP_ERR_REAC[1...16] -- DBW222, DBW234, DBW246
DBW580, DBW592, DBW604
--
DBW700, DBW712, DBW724
$A_INSE[65...192] $A_INSEP[65...192] DBX272.0 ...DBX287.7
$A_OUTSE[65...192] $A_OUTSEP[65...192] DBX288.0 ...DBX303.7
$A_INSI[65...192] $A_INSIP[65...192] DBX304.0 ...DBX319.7
$A_OUTSI[65...192] $A_OUTSIP[65...192] DBX320.0 ...DBX335.7
$A_MARKERSI[65...192] $A_MARKERSIP[65...192] DBX336.0 ...DBX351.7
$MN_PREVENT_SYN- --
ACT_LOCK
$MN_SAFE_SPL_STOP_MODE --
$MN_SAFE_SPL_USER_DATA -- DBD256, DBD260, DBD264,
DBD268

© Siemens AG 2015 All Rights Reserved

7-288 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

If a difference is detected between the signals of both channels, this is indicated

using Alarm 27090/27091 and the configured stop response (STOP D/E) is initia-
ted if the SPL commissioning phase has been defined to have been completed.
If the user attempts to acknowledge the initiated alarms and stop responses,
without having resolved the cause of the CDC error, then the stop response as well
as the alarm are initiated again.
To acknowledge a fault in the SPL--CDC, then the signal channel 1 reset
(DB21.DBX7.7) must be set for at least 100 ms.
For PLC--controlled axis the axis--specific reset must first be set up via
DB3x.DBX28.1 with a negative edge of the channel 1 reset.
The criterion ”commissioning phase completed” is derived from the NCK--MD
$MN_PREVENT_SYNACT_LOCK[0,1] in the NCK. If one of the two field entries is
not equal to 0, ”commissioning phase completed” is set by CDC internally. On the
PLC side, this criterion is entered using DB18.DBX36.0. If this bit is set to ”1”, then
the commissioning phase is considered to have been completed. An SPL--CDC
error results in a stop response only after the SPL commissioning phase has been
completed.
The stop response for an SPL--CDC error is set in the NCK using NCK--MD
$MN_SPL_STOP_MODE. If the MD value is 3, for an SPL--CDC error, a STOP D
is initiated -- for an MD value of 4, a STOP E is initiated. On the PLC side, this stop
response is entered using DB18.DBX36.1. If this bit is set to ”1”, for an SPL--CDC
error, a STOP E is initiated -- otherwise a STOP D.
Any changes to data on the NCK and PLC side do not take effect until after power
on.

Clearing the external SPL outputs for SPL system errors

If communication between NCK and PLC is interrupted with reference to the SPL--
CDC, then all external SPL output signals ($A_OUTSE/$A_OUTSEP) are cleared
with a 5 s delay.
This state occurs if data for crosswise data comparison is not exchanged between
the NCK and PLC for one second. This is due to the fact that
-- the one second limit of the user cycle limit in the PLC (OB1 cycle) was
exceeded.
-- a system error has occurred. The NCK or PLC system software no longer runs
due to a system error -- therefore interrupting communications.
Behavior of the NCK
The specified timer of 5 s is started if Alarm 27092 ”Communication interrupted for
crosswise data comparison NCK--SPL, error detected by %1” is initiated. This is
independent of which component (NCK or PLC) interrupted the alarm.
The system variable $A_STATSID, bit 29 = 1 is used to indicate to the SPL user
that this timer has been started. This means that he has a possibility of initiating
plant/system--specific actions before the system deletes (clears) the output.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-289
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

After this time has expired, the system deletes the external SPL outputs. The
status variable $A_STATSID, bit 29 remains set. When reading--back the external
outputs in the NCK--SPL via the system variable $A_OUTSE, ”0” is read corre-
sponding to the actual output status.
Behavior of the PLC
If, on the PLC side, it is detected that the communication timeout has been
exceeded, then a timer is started with 5 s.
After this time has expired, the PLC goes into Stop (by calling an SFC46). This
state can only be exited using a power on.
After the 5 s timer has expired, for diagnostics purposes, the PLC outputs Alarm
400253 ”PLC--STOP due to SPL system error”. At the same time, an entry with the
same significance is located in the diagnostics buffer.
Using the status signal DB18.DBX119.5, the SPL programmer and the NCK is
provided with the information that the timer was started. This means that he has
the possibility of initiating system--specific actions before the PLC goes into the
stop condition.

Note
In order to achieve the shortest possible response time, the system variable
$A_STATSID, bit 29 and the status signal DB18.DBX119.5 must be evaluated in
the SPL in order to bring, as far as possible, the SPL--SGA into a safe state
(cleared SPL--SGA).

Boundary conditions
The user must take into consideration the following points regarding the functioning
of the crosswise data comparison:
S Both channels (NCK/PLC) must execute the same logic.
S Do not implement any response sequences or sequence controllers that are
externally controlled using short input pulses. This is because short pulses of
this type may only be sent and processed in one channel because of sampling
effects.
S Unused inputs/outputs/markers of the SPL must be assigned the default value
= 0; single--channel use of individual bits for non--safety relevant purposes is
not permissible.
S External STOPs must be enabled (they are also used internally) and can be
extracted from the SPL if required. When using the SPL via MD
$MA_SAFE_EXT_STOP_INPUT[0], for all safety axes, the external STOP A
must be parameterized at the SPL interface. If this condition is not fulfilled, then
Alarm 27033 is output.

© Siemens AG 2015 All Rights Reserved

7-290 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

S Crosswise data comparison checks whether the ”commissioning phase” has

been completed. If errors are detected in the crosswise data comparison, a
”STOP D/E” is triggered on the NCK and drive depending on this criterion. If the
commissioning phase has not been completed after booting, Alarm 27095 ”SPL
protection not activated” is repeatedly displayed (every 3 hours).
S In the case of a crosswise data comparison error, no system response is
initiated regarding the SGE/SGA processed by the SPL. Users must implement
this themselves. The only exception is when a system error is detected as was
described above.

7.5.2 Synchronized actions for Safety Integrated

Motion--synchronizing actions (or ”synchronizing actions” for short) are instructions

programmed by the user, which are evaluated in the interpolation cycle of the NCK
in synchronization with the execution of the part program. If the condition program-
med in the synchronized action is fulfilled (logical expression) or if none is speci-
fied, then actions assigned to the instruction are activated in synchronism with the
remainder of the part program run.

Description
The number of programmable synchronized action blocks depends entirely on the
configurable number of synchronized action elements. The number of storage
elements for general synchronized motion actions (synchronized action elements)
is defined in machine data MD 28250 MD28250 MM_NUM_SYNC_ELEMENTS.
The memory management is listed separately in order to be able to handle
synchronized actions for SAFE.SPF independently.
MD28251 $MC_MM_NUM_SAFE_SYNC_ELEMENTS is used to configure the
memory for the safety synchronized action elements.
All modal synchronized actions that are programmed in the sub--program
/_N_CST_DIR/_N_SAFE_SPF retrieve their elements from this memory area.
In order to determine the required for synchronized action elements, at the start
and at the end of SAFE.SPF, system variables $AC_SAFE_SYNA_MEM can be
read. The difference between these values is then the number of synchronized
action elements required. This value plus a possible reserve must be entered into
MD28251 $MC_MM_NUM_SAFE_SYNC_ELEMENTS.
Reference: Function Description Synchronized Actions

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-291
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

7.5.3 User configurations

In order to provide users (machinery construction OEMs, SPL programmers), the

option of being able to save various machine configurations in a protected way
(e.g. regarding the I/O structure or the number of safety--related axes), data are
defined in the NCK (MD) and PLC (DB18) in which users can save such informa-
tion. These data can be interrogated in order to execute different SPL instructions
e.g. corresponding to the meaning.
These data have no function for the NCK and PLC (they are not interpreted any
further by the NCK and PLC).
In this case, for the NCK, a general machine data field applies
MD13312 $MN_SAFE_SPL_USER_DATA[0...3]
Users can save information in this MD that must be set the same as the corre-
sponding data in DDB18(DBD256, 260, 264, 268), e.g.

MD13312[0] $MN_SAFE_SPL_USER_DATA[0] 12 AB 34 FF
DB18.DBD256 SPL_USER_DATA[0]
DBB256 12 DBB257 AB DBB258 34
DBB259 FF

MD13312[1] $MN_SAFE_SPL_USER_DATA[1] 11 22 34 44
DB18.DBD260 SPL_USER_DATA[1] DBB262 DBB263
DBB260 11 DBB261 22 33 44

MD13312[2] $MN_SAFE_SPL_USER_DATA[2] AA BB CC DD
DB18.DBD264 SPL_USER_DATA[2]
DBB264 AA DBB265 BB DBB266 CC
DBB267
DD

MD13312[3] $MN_SAFE_SPL_USER_DATA[3] 11 00 22 00
DB18.DBD268 SPL_USER_DATA[3] DBB268 11 DBB269 00 DBB270 22 DBB271 00

Figure 7-33 Assignment between MD13312 and data block DB18

Differences between the NCK and PLC data are identified using the SPL--CDC and
result, corresponding to the parameterized stop response, in a STOP D/E on all
safety--related axes. Alarm 27090 ”Error for crosswise Data comparison NCK--
PLC” is output with a reference to the machine data.
Further, system variable $A_STATSID, bit 27 = 1 is used to indicate to the SPL
user that there is an SPL--CDC error.
Changes to machine data or DB18 data only become effective after power on.
Changes to data are indicated using a corresponding alarm after restart.

© Siemens AG 2015 All Rights Reserved

7-292 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

7.5.4 NCK-- SPL program

Description
The NCK--SPL program is written as an NC program (ASUB) with synchronized
actions.

Features
The NCK--SPL program has the following features:
S The program can be started manually with NC START during commissioning.
S The following applies once the program has been started:
-- The synchronous actions assigned an ID No. are cyclically executed in the
IPO clock cycles (modal)
-- The synchronous actions assigned the keyword IDS remain active even
after the operating mode has been changed or NC--STOP/NC RESET
-- In order to check the program, the status of the active synchronous actions
(operating area ”Machine”, soft key ”Synchronous actions”) can be dis-
played.
-- The program can be modified during commissioning. It must then be re--
started.
-- The NCK--SPL program is saved in the NCK path_N_CST_DIR as sub--
routine ”_N_SAFE_SPF” (HMI view: Standard cycles / SAFE.SPF).
Other sub--routine names are not permitted.
S The images of the PLC safety variables ($A_INSIP(D), $A_OUTSIP(D), $A_IN-
SEP(D), $A_OUTSEP(D), $A_MARKERSIP(D)) are required for the simulation
(on the NC side) of an SPL. These can be used to develop the SPL step--by--
step. They can only be read by the NCK.

Protective mechanisms
S The synchronized action IDs used for the NCK--SPL are protected from being
influenced by the PLC or other programs using MD $MN_PREVENT_SYN-
ACT_LOCK. To activate the protection, the number range of the synchronized
action IDs used in the SPL program must be entered into the two fields of
machine data $MN_PREVENT_SYNACT_LOCK. It is then no longer possible
to change these synchronized actions (CANCEL, LOCK have no effect) once
_N_SAFE_SPF has been started.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-293
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

S When changing the machine data $MN_PREVENT_SYNACT_LOCK[0,1] from

zero to values not equal to zero, an option set for the SPL inputs and outputs
and an SPL file under /_N_CST_DIR/_N_SAFE_SPF, then Alarm 27098 ”SPL
commissioning phase complete” is initiated. This can only be acknowledged
with a power on and should be used as information for the user, that
a) the SPL protective mechanisms (see Table 7-6) are activated
b) a restart is necessary in order to activate these protective mechanisms.
S System variables $A_OUTSI, $A_OUTSID, $A_OUTSE, $A_OUTSED,
$A_MARKERSI, $A_TIMERSI, $A_CMDSI, $A_FSDP_ERR_REAC,
$A_FRDP_ERR_REAC and $A_FRDP_SUBS are protected from being written
to by programs other than the NCK--SPL (/_N_CST_DIR/_N_SAFE_SPF). If an
error occurs, Alarm 17070 ”Channel %1 block %2 data item write--protected” is
output.
S A reference checksum is calculated when booting and for changes/saving the
file by the NCK--SPL (/_N_CST_DIR/_N_SAFE_SPF) -- it is entered into the
program as a comment:
Example: ; SAFE_CHECKSUM = 000476bbH
The checksum is then cyclically re--calculated and compared with the reference
checksum. If a deviation is detected, Alarm 27093 ”Checksum error NCK--SPL,
%1, %2, %3” is output.
S The system variables $A_INSIP(D), $A_OUTSIP(D), $A_INSEP(D), $A_OUT-
SEP(D) and $A_MARKERSIP(D) are only accessible during the commissioning
phase.
If NCK--SPL execution is interrupted for any reason or the SI system variables are
changed by another program, then this is detected by the cyclic crosswise data
comparison with the PLC.

Table 7-6 Response to SPL errors

Event MD11500 $MN_PREVENT_ MD11500 $MN_PREVENT_

SYNACT_LOCK[m,n] equal to 0 SYNACT_LOCK[m,n] not equal to 0

Crosswise data comparison Alarm 27090 is triggered Alarm 27090 is triggered and in
NCK--PLC identifies an error addition, STOP D/E is triggered
SPL program file is to be changed No response Alarm 27093 is initiated
(written, deleted, re--named, edited)

© Siemens AG 2015 All Rights Reserved

7-294 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Warning
! The protective mechanisms that prevent changes to the NCK--SPL file and the
NCK--SPL instructions (statements) are only effective if
MD $MN_PREVENT_SYNACT_LOCK[0,1] is not equal to 0.
The machine construction OEM must ensure that the protective mechanisms are
activated no later than after the completion of the acceptance test and the values,
set in MD $MN_PREVENT_SYNACT_LOCK[0,1] are documented in the
acceptance report.
After commissioning has been completed, the access rights to the SAFE.SPF file
must be set to the correct access level for writing/reading/deleting access
operations (manufacturer or service).

As long as the protective mechanisms for the NCK--SPL have not been activated
(MN_PREVENT_SYNACT_LOCK[0.1] equal to 0), Alarm 27095 is displayed when
the crosswise data comparison between the NCK and the PLC starts. This alarm
can be acknowledged with the NCK key so that the SPL can be commissioned.

Note
The SPL program must be addressed using upper case letters. Alarm 27097 is
output if this is not observed.

7.5.5 Starting the SPL

The NCK--SPL is active after the control has booted, if

1. the functions SBH/SG and ”external STOPs” have been enabled for at least
one axis using $MA_SAFE_FUNCTION_ENABLE,
2. one of the NCK--SPL interfaces is used.
This means that an axis--specific SGE/SGA was parameterized at one of the
SPL interfaces using its assignment MD.
In this case, the ”external STOP A” must be parameterized at the SPL interface for
all of the axes that use Safety Integrated.
NCK--SPL (SAFE.SPF) can be started in three different ways:
S Start via safety power on
S Start via PROG_EVENT
S Start via the PLC program

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-295
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

SPL start without axis--specific safety enable

When the machine is being commissioned, it may be necessary to start SPL
without enabling axis--specific safety--relevant functions.
It is therefore possible to handle general machine functions (hydraulics,
Emergency Stop) before the axis is commissioned.
This is only possible in the commissioning state of the SPL ($MN_PRE-
VENT_SYNACT_LOCK[0,1]==0 and DB18.DBX36.0==0).
This state is displayed when the SPL starts using Alarm 27095 ”%1 SPL protection
not activated”.
If an attempt is made to start the SPL in the protective state (after commissioning
has been completed) without the axis--specific safety function having been acti-
vated, then Alarm 27096 is output. The SPL is started if the SPL--CDC is not acti-
vated.
Further, Alarm 27096 ”SPL start not permitted” is output if SPL protection is activa-
ted, however the drive objects of all enabled SI axes in the complete system have
been deactivated (drive parameter p0105). As long as one SI axis is active, the
alarm is not output.

Start via safety power on

When the ”Safety power on” function is activated, SAFE.SPF is automatically
started when booting. The system starts even if alarms are present.
The function is activated by setting bit 5 (safety power on) in machine data 20108
$MC_PROG_EVENT_MASK. A possible SAFE.SPF call in the
PROG_EVENT.SPF can be removed.
It is only possible to work with a restricted language scope in order that SAFE.SPF
can be started in spite of the fact that alarms are present. Access operations to the
PLC or drives are not possible.
For commands, which are not included in the language scope, Alarm 15420
”Channel %1 %2 Instruction in the current mode not allowed” is output.
If it is required to change over an existing SAFE.SPF to the restricted language
scope, then it is possible to proceed as follows:
S MD20108 $MC_PROG_EVENT_MASK, bit 5=0
S MD10095 $MN_SAFE_MODE_MASK, bit 2=1 (as a result, for SAFE.SPF, the
reduced language scope is activated -- also as a result of the CALL call)
S Call SAFE.SPF in MDI (CALL ”/_N_CST_DIR/_N_SAFE_SPF”)
S SAFE.SPF is edited until the program can be executed without any alarms with
the restricted language scope.
S MD $MC_PROG_EVENT_MASK, bit 5=1; SAFE.SPF is called when booting
and is executed error--free with the restricted language scope.

© Siemens AG 2015 All Rights Reserved

7-296 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Starting the NCK--SPL via PROG_EVENT

Note
This function is an option, and is not included as standard in Safety Integrated.

The NCK--SPL can also be started using the PROG_EVENT mechanism.

The PROG_EVENT.SPF cycle (saved under manufacturer cycles ..DHCMA.DIR)
is started when a specific event occurs (event--controlled program call).
Using machine data MD 20108 $MC_PROG_EVENT_MASK, for this
PROG_EVENT mechanism, certain events are enabled on a specific channel--for--
channel basis which then start the cycle.
The start condition when booting (bit 3 ==1) must be active in order to start the
NCK--SPL (SAFE.SPL) via PROG_EVENT.SPF.

Note
When starting the NCK--SPL (SAFE.SPF), it is important that the PROG_EVENT
mechanism was started through channel 1. This must be taken into account when
parameterizing the channel--specific machine data MD20108
$MC_PROG_EVENT_MASK .

Using the system variable $P_PROG_EVENT, in PROG_EVENT.SPF it can be

interrogated as to which event activated the call:
S Start of a part program $P_PROG_EVENT == 1
S End of a part program $P_PROG_EVENT == 2
S Operator panel reset $P_PROG_EVENT == 3
S Boot $P_PROG_EVENT == 4
For the PROG_EVENT.SPF cycle, MD11602 $MN_ASUP_START_MASK,
PROG_EVENT.SPF and the SAFE.SPF are taken into account, which can be used
to set that stop reasons for the sequence are ignored.
In order to be able to use $MC_PROG_EVENT_MASK and
$MN_ASUP_START_MASK, the ”Cross--mode actions” option must be activated.
Example for PROG_EVENT.SPF

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-297
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

; --------------------------------------------------------
; event-controlled program call

; PROG_EVENT.SPF under DHCMA.DIR

; --------------------------------------------------------

; Machine data MD20108 PROG_EVENT_MASK can be set channel--spe-

; cifically as to which of the following events will enable the user program:
;

; ( ) Start of the part program --> bit0 == 1

; ( ) End of the part program --> bit1 == 1
; ( ) Operator panel reset --> bit2 == 1
; (x) Boot --> bit3 == 1

; --------------------------------------------------------------------------------------------------------------

; Using the system variable $P_PROG_EVENT, it can be interrogated as to

; which event activated the call:

; ( ) Part program–Start --> $P_PROG_EVENT == 1

; ( ) Part program–End --> $P_PROG_EVENT == 2
; ( ) Operator panel–Reset --> $P_PROG_EVENT == 3
; (x) Booting --> $P_PROG_EVENT == 4
;

;-------------------- Cycle definition ------------------

; Suppress single block, display

;--------------------------------------------------------

N100 PROC PROG_EVENT SBLOF DISPLOF

;
; Start of the NCK-SPL

; -------------------------------------------------------

N200 IF ($P_PROG_EVENT == 4); boot query

N300 CALL ”/_N_CST_DIR/_N_SAFE_SPF”
N400 ENDIF
N500 ...
N600 ...
N700 M17 ; End of cycle

The part program SAFE.SPF is called if the system variable check

$P_PROG_EVENT indicated that the part program call PROG_EVENT.SPF was
called when the control system booted.

© Siemens AG 2015 All Rights Reserved

7-298 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Example for SAFE.SPF

A simple example for SAFE.SPF will now be shown that is started using
PROG_EVENT when the system boots and includes steady--state synchronous
actions.
; File: SAFE.SPF
=============

; Definitions
DEFINE STOP_A_DISABLE AS $A_OUTSI[1]
DEFINE STOP_C_DISABLE AS $A_OUTSI[2]
DEFINE STOP_D_DISABLE AS $A_OUTSI[3]
;
DEFINE STOP_A_EXT AS $A_INSE[6]
DEFINE STOP_C_EXT AS $A_INSE[7]
DEFINE STOP_D_EXT AS $A_INSE[8]

DEFINE STOP_A_XT AS $A_INSE[9]

;
; Program section
N10 IDS=01 DO STOP_A_DISABLE=STOP_A_EXT
N20 IDS=02 DO $A_OUTSE[1]=NOT $A_OUTSE[1]
N30 M17

Starting the NCK--SPL from the PLC user program

Program start
The NCK--SPL can also be started from the PLC user program. As soon as the
NCK--SPL has been started, the crosswise data comparison is activated in the
system program (NCK and PLC basic program).
The NCK--SPL program must be started as an ASUB. To do this, the interrupt
number and channel must first be assigned via FB4 using the ASUB (asynchro-
nous sub--routine) function via parameter PIService=”PI.ASUB”.
As soon as FB4 has been successfully run (output parameter ”Done”=TRUE) the
program is executed via FC9 ”ASUB” [asynchronous sub--routine].
In this case, MD 11602 $MN_ASUP_START_MASK is taken into account, which
can be used to set that stop reasons for the sequence are ignored.
Deviating from the recommended setting 7H, the following settings are also
possible:
-- Bit 1 can be deleted, if MD20700 $MN_REFP_NC_START_LOCK (in the
channel in which the SPL is started) is deleted, or, if at the instant that the
ASUB starts, the axes (in the channel, in which the SPL is started) must not
be safely referenced, e.g. in the park state.
-- Bit 2 can be deleted if no read--in disable is present when booting.
Further, MD11604 $MN_ASUP_START_PRIO_LEVEL (interrupt priority from
which the MD $MN_ASUP_START_MASK is active) must be observed.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-299
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

To be able to start the NCK--SPL without any errors, according to the required SPL
start type (start via PROG_EVENT or automatic start), when booting, the following
machine data must be taken into account:
MD20106 $MC_PROG_EVENT_IGN_SINGLE_BLOCK, bit 3 or bit 5
MD20107 $MC_PROG_EVENT_IGN_INHIBIT, bit 3 or bit 5
In addition, it may be necessary to not display the processing of the event--con-
trolled programs via MD20192 $MC_PROG_EVENT_IGN_PROG_STATE, bit 3 or
bit 5 on the OPI interface. This does not influence executing the NCK--SPL, and is
only used to visualize program execution in the HMI context

Starting the PLC--SPL

The PLC--SPL in conjunction with FB4/FC9 has started if the FC9 has signaled
successful execution and has displayed that the end of SAFE.SPF has been
reached. This is displayed using a signal in SAFE.SPF (e.g. $A_PLCSIOUT
variable, M function) or SPL status bit 13 (DB18.DBX137.5). Only then may the
PLC--SPL be started to ensure that both SPLs run in synchronism and therefore
the axis--specific monitoring channels are synchronously supplied.

Parameterizing FB4
FB4 may only be started in the cyclic mode (OB 1).

Table 7-7 Parameterizing FB 4

Signal Type Value range Meaning

Reg
PIService ANY PI.ASUB Assign interrupt
Unit INT 1 to 10 [1] Channel
WVar1 INT [1] Interrupt number
WVar2 INT [1] Priority
WVar3 INT 0/1 [0] LIFTFAST
WVar4 INT 0/1 [0] BLSYNC
Addr1 STRING ’/_N_CST_DIR/’ NCK--SPL path name
Addr2 STRING ’_N_SAFE_SPF’ NCK--SPL program name

[Values in brackets are standard values required for the call]

© Siemens AG 2015 All Rights Reserved

7-300 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Parameterizing FC 9

Table 7-8 Parameterizing FC9

Signal Type Type Value range Remark

Start E Bool
ChanNo E Int 1 to 10 [1] No. of the NC channel
IntNo E Int 1 8 [1] Interrupt No.
Active A Bool 1 = Active
Done A Bool 1 = ASUB completed
Error A Bool

[Values in brackets are standard values required for the call]

7.5.6 Language scope for SAFE.SPF

In order that no NC alarms are output when the SINUMERIK control boots, which
prevent a started SAFE.SPF being completely executed, it is necessary to define a
restricted language scope for SAFE.SPF. It is not permissible that commands are
programmed which access the PLC or drives.
If a SAFE.SPF is tested or commissioned with a restricted language scope, then
every Alarm 15189 ”Channel %1 Block %2 Error when executing SAFE.SPF”
requires a power on. MD10095: $MN_SAFE_MODE_MASK, bit 2 can be set to 1
in order to prevent this.
Now, the restricted language scope is active each time that SAFE.SPF is called
using the command CALL<path name>. For instance, the call can be made from
MDI or PROG_EVENT.SPF at reset. For commands, which are not included in the
language scope, only Alarm 15420 ”Channel %1 Channel %2 Instruction in current
mode not allowed” is output and not Alarm 15189. Alarm 15420 can be cleared
with a reset.
In order to change over an existing SAFE.SPF to a restricted language scope, it is
possible to proceed as follows for example:
-- MD20108 $MC_PROG_EVENT_MASK, bit 5=0
-- In the PROG_EVENT.SPF, remove the SAFE.SPF call from the power on
section or the SAFE.SPF call from the ASUB.
-- MD10095 $MN_SAFE_MODE_MASK, bit 2=1
-- SAFE.SPF is not called when the system boots
-- SAFE.SPF is now called with CALL ”_N_CMA_DIR_/_N_SAFE_SPF” e.g.
from MDI or PROG_EVENT at RESET. The restricted language scope is
now active, alarms that occur can be cleared with RESET.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-301
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

-- SAFE.SPF is edited until the program can be executed without any alarms
with the restricted language scope.
-- MD $MC_PROG_EVENT_MASK, Bit 5=1
-- MD10095 $MN_SAFE_MODE_MASK, bit 2=0
-- SAFE.SPF is called when the system boots and with the restricted language
scope is executed error--free.
Configuration
The function is activated using machine data 20108 $MC_PROG_EVENT_MASK,
Bit 5=1. An existing SAFE.SPF call in a PROG_EVENT.SPF power on section or
in an ASUB can be removed. If the function is active, then only the restricted
language scope is possible in a SAFE.SPF. If the function is not active, then the
complete language scope is permitted in a SAFE.SPF. If MD
$MC_PROG_EVENT_MASK, Bit 5=0, then SAFE.SPF is not executed when the
system boots and errors are present.

Table 7-9 Permissible language commands for SAFE.SPF

Block structure
Nxxx ;Block number
XYZ: ;Labels
/ ;Skip, block skip
; ;Comment characters
;Empty line
Beginning of the program
PROC SAFE ;First operation in the program
Attributes, which are programmed in the PROC line
SBLOF ;Single block skip
DISPLOF ;Skip, block display
ACTBLOCNO ;For DISPLOF, for an alarm output the number of the
actual block
DISPLON ;Activate block display
SBLOF is always active, even if SBLOF is not programmed
Variable definition
DEF ;Creating GUDs
DEFINE ;Creating macros
Assignments
Values are assigned to variables with an = character. The value being assigned can either
be a constant or an algorithm If the value is a constant, the binary, hexadecimal or expo-
nential notation is possible.
’B0000001’ ;Binary notation
’H3C7F’ ;Hexadecimal notation
4.1EX--3 ;Exponential notation

© Siemens AG 2015 All Rights Reserved

7-302 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Table 7-9 Permissible language commands for SAFE.SPF, continued

Fields can be assigned with

REP :Initialization with the same values
SET ;Initialization with value list
SETA ;Copying fields
Writing, i.e. the lefthand part of an assignment, is possible with these variables:
LUD
GUD
R parameters
$AC_PARAM[ ]
$AC_MARKER[ ]
$AA_ESR_TRIGGER ;Single axis, trigger ESR
$AC_ESR_TRIGGER ;Trigger ESR
$AN_ESR_TRIGGER ;Trigger ESR
all Synact GUDs
Safety system variables that can be written to:
$A_OUTSE[ ]
$A_OUTSED[ ]
$A_OUTSI[ ]
$A_OUTSID[ ]
$A_MARKERSI[ ]
$A_MARKERSID[ ]
$A_TIMERSI[ ]
$A_CMDSI[ ]
$A_PLCSIOUT[ ]
$A_FSDP_ERR_REAC[ ]
$A_FRDP_SUBS[ ]
$A_FRDP_ERR_REAC[ ]
Reading the righthand part of an assignment is possible with all variables -- i.e. also with all
safety system variables.
Arithmetic function
+ ;Addition
-- ;Subtraction
* ;Multiplication
/ ;Division
DIV ;Division, for variable type INT and REAL
MOD ;Modulo division
SIN( ) ;Sine
COS( ) ;Cosine

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-303
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Table 7-9 Permissible language commands for SAFE.SPF, continued

Tan( ) ;Tangent
ASIN( ) ;Arcsine
ACOS( ) ;Arccosine
ATAN2( ) ;Arctangent2
SQRT( ) ;Square root
ABS( ) ;Absolute value
POT( ) ;2nd Power (square)
TRUNC( ) ;Integral number part (truncate to integer)
ROUND( ) ;Round to integer number
ROUNDUP( ) ;Round up
LN( ) ;Natural logarithm
EXP( ) ;Exponential function
MINVAL( ) ;Lower value of two variables
MAXVAL( ) ;Larger value of two variables
BOUND( ) ;Variable value within the defined value range
Predefined safety functions
SIRELIN( ) ;Assign input quantities
SIRELOUT( ) ;Assign output quantities
SIRELTIME( ) ;Assign times for timer
SIRELAY ;
Predefined functions and procedures
ITOR( ) ;Conversion, integer to real
ITOB( ) ;Conversion, integer to Bool
RTOI( ) ;Conversion, real to integer
RTOB( ) ;Conversion, real to Bool
BTOI( ) ;Conversion, Bool to integer
BTOR( ) ;Conversion, Bool to real
SETAL( ) ;Set alarm
MSG(<<) ;Output message with contents of variables
Program jumps
GOTOB ;Jump instruction with jump destination towards
;beginning of program
GOTOF( ) ;Jump instruction with jump destination towards
;end of program
GOTO ;Jump instruction with jump destination search. The
;search is first made towards the end of the program, then
;towards the beginning of the program.
GOTOC ;Same effect as for GOTO with the difference that Alarm
;14080 ”Jump designation not found” is suppressed.

© Siemens AG 2015 All Rights Reserved

7-304 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Table 7-9 Permissible language commands for SAFE.SPF, continued

An IF condition can be programmed in the block in front of the jump instruction.

Program branch
CASE(<expression>)
OF <constant_1>
GOTOF <jump designa-
tion_1> <constant_2>
GOTOF<jump destina-
tion_2...>
DEFAULT GOTOF <jump
designation n>
Program repetition
REPEAT LableA P=n ;Repeat program section
REPEAT LableA LableB P=n ;Repeat program section
REPEATB LableA P=n ;Repeat block
Control structures
IF, ELSE, ENDIF ;Program loop with alternative
LOOP, ENDLOOP ;Endless program loop
FOR, TO, ENDFOR ;Count loop
WHILE; ENDWHILE ;Program loop with condition at start of loop
REPEAT, UNTIL ;Program loop with condition at end of loop
Program flow
STOPRE ;Preprocessing stop
DELAYSTON ;Start of a stop delay area
DELAYSTOF ;End of a stop delay area
Comparison operators
<>, ==, >=, <, >, <=
Bit--by--bit logic operator
B_AND
B_OR
B_NOT
B_XOR
Logic operator
AND
OR
NOT
XOR
For the logic operations, the following applies to the BOOL, CHAR, INT and REAL data
types: 0 corresponds to FALSE; not equal to 0, corresponds to TRUE

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-305
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Table 7-9 Permissible language commands for SAFE.SPF, continued

Synchronized action
CANCEL ;Delete synchronized actions
IDS ;Static synchronized action
;A number range is not monitored
WHENEVER ;The action is cyclically executed in each ipo clock cycle,
;as long as the appropriate condition is fulfilled.
WHEN ;If the condition is fulfilled, then the action is
;executed once.
EVERY ;The action is activated once if the condition is fulfilled.
;The action is executed again if the condition changes
;from the false state into the true state.
FROM ;If the condition has been fulfilled once, the action is
;executed cyclically in every interpolation clock cycle for
;as long as the synchronized action remains active.
DO ;Start of the action section
No subprograms, i.e. technology cycles can be called in the action section. No axes can
be traversed and no auxiliary functions can be output.
The following value assignments are possible:
-- R parameters
-- $AC_PARAM[ ]
-- $AC_MARKER[ ]
-- all Synact GUDs
-- all safety system variables that can be written to and G functions
G function
G70 ;Inch dimensions (group 13)
G71 ;Metric dimensions (group 13)
G700 ;Inch dimensions also F (group 13)
G710 ;Metric dimensions also F (group 13)
G04 F ;Dwell time (group 2)
End of program
ENDPROC ;End line of program with start line PROC
RET ;Without output to the PLC
;The RET command can now also be programmed
;without parameter in a main program.
M17 ;No output to the PLC
M02 ;No output to the PLC
M30 ;No output to the PLC

© Siemens AG 2015 All Rights Reserved

7-306 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Note
All language commands, which are not listed in this table, result in NC alarms
15189 ”Channel %1 Block %2 Error when executing SAFE.SPF” and 15420
”Channel %1 Block %2 Instruction in current mode not allowed”.

Additional information on the complete NCK language scope can be found under:
References: Programming Manual Fundamentals, Chapter 16 ”Tables”.

7.5.7 Diagnostics/commissioning

The system variables $A_INSIP(D), $A_OUTSIP(D), $A_INSEP(D) and $A_OUT-

SEP(D), and $A_MARKERSIP(D) are only used for diagnostics and commission-
ing the NCK--SPL. These system variables represent the input data for crosswise
data comparison on the PLC side. They are updated every IPO cycle. They can
also be used to access the CDC on the PLC side from the NC. This helps when
commissioning the SPL:
S Crosswise data comparison function can be temporarily bypassed
S NCK--SPL can be simulated to the process and to the NCK monitoring channel.
To do this, the relevant PLC images are written to the variables $A_OUTSED
and $A_OUTSID as long as there is no NCK--SPL. This means that the NCK--
SPL can be commissioned step--by--step. This data may only be accessed
during the commissioning phase.
In order to allow the SPL to be commissioned without the crosswise data compari-
son function constantly responding, the following ”minimum NCK--SPL” can be
installed in this phase:
; Simulate external SPL interface
IDS = 03 DO $A_OUTSED[1] = $A_OUTSEPD[1]
IDS = 04 DO $A_OUTSED[2] = $A_OUTSEPD[2]
; Simulate internal SPL interface
IDS = 07 DO $A_OUTSID[1] = $A_OUTSIPD[1]
IDS = 08 DO $A_OUTSID[2] = $A_OUTSIPD[2]
; Emulate PLC markers (for all markers used in the PLC)
IDS = 09 DO $A_MARKERSID[1] = $A_MARKERSIPD[1]
IDS = 10 DO $A_MARKERSID[2] = $A_MARKERSIPD[2]
; End of program
M17

These instructions simulate the output interfaces of the NCK--SPL and therefore
”short--circuit” the crosswise data comparison.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-307
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Warning
! The logic used in this phase has a single channel structure and is therefore not
safe!
The described minimum NCK--SPL must be replaced by a full NCK--SPL without
any access to $A_INSIP(D), ..., $A_MARKERSIP(D) when the PLC side is
completed!

Additional diagnostic support:

S $A_STATSID: A value not equal to 0 means that an error has occurred in the
crosswise data comparison.
S $A_CMDSI[n]: n=1: 10x change timer value for long forced checking procedure
pulses and/or single--channel test stop logic.
S $A_LEVELSID: Indicates how many signals have different signal levels on the
NCK and PLC sides that can be presently detected.
S In addition, other NC variables or free R parameters can be written to monitor
internal states of the SPL.
The following applies to all system variables of the NCK--SPL outputs:
They can be written from and read back to the SPL program.

7.5.8 Safe software relay

The standard SPL block ”safety software relay” is designed to meet the require-
ments of an Emergency Stop function with safe programmable logic. However, it
can also be used to implement other similar safety functions, e.g. to control a pro-
tective door.

© Siemens AG 2015 All Rights Reserved

7-308 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

OR
Q1

Q2
AND
A0
TM1 AND
CMP
>=
A1
Timer1

Time measurement -
rising to falling edge
E1
AND t4
Timer2 A2
E2 t4i

E_AND
I3

TI1
A3
TI2 Timer3

TI3

Signals that have a line above them signify ”low active”

Figure 7-34 Function diagram of the ”safety relay”

The description is provided in the following:

Three shutdown inputs E1 to E3 If one of these inputs is set to 0, direct output A0 is set
to 0. Outputs A1 to A3 switch with the delay of timer
1--3. If one of these inputs is not used, then it is inter-
nally set to ”1” as static signal.
One of these inputs must also be used to initiate test
operation of the safety relay (forced checking proce-
dure).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-309
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Two acknowledge inputs Q1 and Q1 must be supplied with the signal from the real
Q2 acknowledge button.
Q2 is only used for the forced checking procedure. The
software relay itself does not have to be subject to a
forced checking procedure. However, if the Emergency
Stop function is executed and if external actuators
have to be subject to a forced checking procedure, if
the relay drops--out during the Emergency Stop test,
then it can be acknowledged using Q2 (in a defined
time window, refer to TM1). This input must also be
connected with a safety system variable (even if the
signal is not used) -- preferably with a $A_MARKERSI
-- in order to detect that this acknowledge signal is
available as steady--state signal in the crosswise data
comparison with the PLC. The associated comparison
data in the PLC must have a steady--state 0 signal
level (error detection using different states of the
particular SPL marker for the PLC and NCK).
Three timer initialization values The times after which outputs A1 to A3 are switched to
TI1 to TI3 0 at a negative edge in output signal A0 are defined
here.
One timer limit value TM1 Defines the maximum time that the shutdown inputs E1
to E3 may have been at a 0 signal level so that they
can still be acknowledged using Q2. Q2 should only be
used for the internal safety relay test. It is not per-
missible that Q2 is used to acknowledge a ”real” shut-
down.
Four output values A0 to A3 A0 supplies the result of ANDing E1 to E3 without any
delay. Outputs A1 to A3 supply the same result for
positive edges of A0; for negative edges, the results
are delayed by the timer initialization TI1 to TI3
(switch--out delay).
A0 to A3 do not produce a result after booting until an
acknowledgment has been received via Q1.

Initialization in the part program

The connections for the function block are defined when initialized. The input and
output quantities of the function block are assigned to the required system
variables ($A_MARKERSI, $A_INSE, $A_OUTSE,...). The following functions
must be called:
SIRELIN: This language command assigns the input quantities Q1, Q2, E1, E2
and E3 to the safety relay x (x = 1..4). The return value contains the number of the
first incorrect parameter; a value of 0 indicates that the parameter assignment is
correct.
Syntax: SIRELIN(x,status,”Q1”,”Q2”,”E1”,”E2”,”E3”)

© Siemens AG 2015 All Rights Reserved

7-310 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

The transfer parameters Q1 to E3 are strings and must therefore be entered in

quotation marks (” ”). The following system variables are permissible as input
quantities:
$A_MARKERSI[ ]
$A_INSE[ ]
$A_INSI[ ]
$A_OUTSE[ ]
$A_OUTSI[ ]
E2 and E3 are optional. If these parameters are not entered, the relevant inputs
are set to ”1” (static signal).
SIRELOUT: This language command assigns the input quantities A0, A1, A2 and
A3 to the safety relay x (x = 1..4). The return value ”status” contains the number of
the first incorrect parameter; a value of 0 indicates that the parameter assignment
is correct.
Syntax: SIRELOUT(x,status,”A0”,”A1”,”A2”,A3”)
The transfer parameters A0 to A3 are strings and must therefore be entered in
quotation marks (” ”). The following system variables are permissible as output
quantities:
$A_MARKERSI[ ]
$A_OUTSE[ ]
$A_OUTSI[ ]
$A_PLCSIOUT[ ]
A1 to A3 are optional. If these parameters are not specified, then the correspond-
ing outputs are not supplied. However, if A1 is specified, the initialization value for
timer 1 (TI1) must also be parameterized via SIRELTIME. The same applies for A2
and timer 2 (TI2) and A3 and timer 3 (T!3).
SIRELTIME: This language command assigns the times -- for the timers required --
to safety relay x (x = 1..4). These include the timer limit value TM1 and the timer
initialization values TI1, TI2 and TI3. The return value contains the number of the
first incorrect parameter; a value of 0 indicates that the parameter assignment is
correct.
Syntax: SIRELTIME(x,status,TM1,TI1,TI2,TI3)
Transfer parameters TM1 to TI3 are REAL numbers (times in seconds). TI1 to TI3
are optional. If these parameters are not specified, the corresponding outputs A1
to A3 are not supplied. However, if TI1 is specified, output A1 must also be para-
meterized via SIRELOUT. The same applies for TI2 and A2 and TI3 and A3.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-311
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Note
S The initialization language commands must be directly included in the part
program (e.g. SAFE.SPF); they may not be used in synchronized actions! If
this condition is violated, Alarm 12571, ”Channel 1 Block %2 %3 not permitted
in motion synchronizing action” is triggered.
S As described above, there is an interdependency between the number of the
optional parameters for the language commands SIRELTIME and SIRELOUT.
This interdependency is checked in the language command that comes later in
the part program sequence. If, for example, A2 is no longer parameterized in
SIRELOUT, but TI2 is specified in SIRELTIME, then this parameter is identified
as being incorrect!

Cyclic sequence
The correctly timed call in the SPL is made using the language command SIRE-
LAY. A calling parameter is not required in the cyclic section except to select the
desired relay x (x = 1..4). Initialization must be carried out beforehand. If this is not
correctly done, then this is indicated in the return value of the language command
SIRELAY. The cyclic section must be integrated in the synchronized actions of the
SPL.
Syntax: status = SIRELAY(x)
The ”status” variable must be defined as integer to correctly map the possible
return values of the function block.
The following values are possible for status:

Return value Meaning

status
1 The input quantity of the safety relay is either not parameterized or
not correctly parameterized.
Remedy: Call SIRELIN with the correct parameterization
2 The output quantities of the safety relay are either not parameterized
or not correctly parameterized.
Remedy: Call SIRELOUT with the correct parameterization
3 The input and output quantities of the safety relay are either not para-
meterized or not correctly parameterized.
Remedy: Call SIRELIN and SIRELOUT with the correct parameteri-
zation
4 The timers of the safety relay are either not parameterized or not
correctly parameterized.
Remedy: Call SIRELTIME with the correct parameterization
5 The input quantities and timers of the safety relay are either not para-
meterized or not correctly parameterized.
Remedy: Call SIRELIN and SIRELTIME with the correct parameteri-
zation

© Siemens AG 2015 All Rights Reserved

7-312 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Return value Meaning

status
6 The output quantities of the safety relay are either not parameterized
or not correctly parameterized.
Remedy: Call SIRELOUT and SIRELTIME with the correct paramete-
rization
7 The initialization of the safety relay was either not carried out or not
correctly carried out.
Remedy: Call SIRELIN, SIRELOUT and SIRELTIME with the correct
parameterization

Note
1. The SIRELAY call must be made in the NCK--SPL (program SAFE.SPF), since
the allocation of the output quantities corresponds to the write access
operations to safety system variables. If the call comes from a different
program, Alarm 17070 ”Channel %1 Block %2 Data write--protected” is output.
2. The SIRELAY call must be included in a synchronized action. If this condition is
violated, Alarm 14091, ”Channel %1 Block %2 function not permitted, Index: 6”
is output.
3. If parameter x contains a value that lies outside the range 1 to 4, Alarm 20149
”Channel %1 Block %2 Motion synchronous action: Invalid index” is output.

Forced checking procedure

When the safety relay is tested, acknowledge input Q2 and one of the three dis-
able inputs (E1, E2 or E3) must be used. Q2 must be connected to a safety marker
($A_MARKERSI[ ]) and may only be briefly set (< 1s) to 1.
One of the three inputs E1 to E3 can be used (e.g. from the PLC) with a short
falling edge to check that the safety relay has dropped out. The 0 signal level may
not be present for longer than the time parameterized in TM1. The maximum value
for TM1 is 1s, as otherwise the crosswise data comparison between NCK and
PLC--SPL would detect an error.
Acknowledge input Q2 can only be used if the measured time t4 is shorter than
TM1. This prevents a queued shutdown operation being acknowledged externally
via the test acknowledge input. If A0 is 1 at the time of the falling edge of E_AND
(= ANDing of E1, E2 and E3), time t4i (see Fig. 7-34) is allocated the measured
time t4. For additional measurements, while A0 remains at 0, t4i is only re--saved if
the measured time t4 is greater than the old value of t4i.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-313
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Boundary conditions
The language commands SIRELIN, SIRELOUT and SIRELTIME may not be used
in synchronized actions.
The language command SIRELAY may only be used in synchronized actions of
the SPL (SAFE.SPF). The connection must be specified beforehand using the
language commands SIRELIN, SIRELOUT and SIRELTIME.

Example
Example of an Emergency Stop implemented using NCK--SPL in SAFE.SPF:
DEF INT RESULT_IN, RESULT_OUT, RESULT_TIME

N10 DEFINE IE_NH_E AS $A_INSE[1]

N20 DEFINE IE_NH_Q AS $A_INSE[2]
N30 DEFINE MI_NH_Q AS $A_MARKERSI[1]
N40 DEFINE MI_C_ABW AS $A_MARKERSI[2]
N50 DEFINE MI_A_ABW_A AS $A_MARKERSI[3]
N60 DEFINE MI_A_ABW_S AS $A_MARKERSI[4]
N70 DEFINE M_STATUS_1 AS $AC_MARKER[1]
;------------------------------------------------------------------
N200 SIRELIN(1,RESULT_IN,”IE_NH_Q”,”MI_NH_Q”,”IE_NH_E”)
N210 SIRELOUT(1,RESULT_OUT,”MI_C_ABW”,”MI_A_ABW_A”,”MI_A_ABW_S”)
N220 SIRELTIME(1,RESULT_TIME,0.4, 2.2, 3.5)
;------------------------------------------------------------------
N300 IDS=10 DO M_STATUS_1 = SIRELAY(1)
-------------------- Error handling -----------------------------
N310 IDS=11 EVERY M_STATUS_1 < > DO . . . . . .

FUNCTION_BLOCK FB 10
Declaration of the function

VAR_INPUT
In1 : BOOL := True ; // Input 1
In2 : BOOL := True ; // Input 2
In3 : BOOL := True ; // Input 3
Ackn1 : BOOL ; // Ackn1 signal
Ackn2 : BOOL ; // Ackn2 signal
TimeValue1 : TIME := T#0ms ; // TimeValue for Output 1
TimeValue2 : TIME := T#0ms ; // TimeValue for Output 2
TimeValue3 : TIME := T#0ms ; // TimeValue for Output 3
END_VAR

VAR_OUTPUT
Out0 : BOOL ; // Output without Delay
Out1 : BOOL ; // Delayed Output to False by Timer 1
Out2 : BOOL ; // Delayed Output to False by Timer 2
Out3 : BOOL ; // Delayed Output to False by Timer 3

© Siemens AG 2015 All Rights Reserved

7-314 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

END_VAR

VAR_INOUT
FirstRun: BOOL ; // True by User after 1st Start SPL
END_VAR

The following table shows all formal parameters of the SI relay function:

Signal Type Type Remark

In1 E BOOL Input 1
In2 E BOOL Input 2
In3 E BOOL Input 3
Ackn1 E BOOL Acknowledgment input 1
Ackn2 E BOOL Acknowledgment input 2
TimeValue1 E TIME Value 1 for switch--off delay
TimeValue2 E TIME Time value 2 for switch--off delay
TimeValue3 E TIME Time value 3 for switch--off delay
Out0 A BOOL Output, instantaneous (no delay)
Out1 A BOOL Output, delayed by TimeValue1
Out2 A BOOL Output, delayed by TimeValue2
Out3 A BOOL Output, delayed by TimeValue3
FirstRun I/O BOOL Activation of basic setting

Parameter FirstRun, must for the 1st run--through, be switched to the value TRUE
via a retentive data (memory bit, bit in the data block) after the control has booted.
This data can be preset, e.g. in OB 100. The parameter is reset to FALSE when
FB 10 is executed for the first time. Separate data must be used for parameter
FirstRun for each call with separate instance.

Note
The block must be called once by the user program (per SI relay) cyclically in the
OB1 cycle from when the SPL program starts. The user must provide an instance
DB with any number for this purpose. The call is multi--instance--capable.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-315
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

7.5.9 System variables for SINUMERIK 840D sl

The following system variables can only be used in combination with SINUMERIK
Safety Integrated. They are used when programming the safe programmable logic
(SPL).
Also see Chapter ”Description of the system variables” for a detailed description of
the system variables.8.7.2

Table 7-10 Overview of system variables

System variable Meaning Value range Data Possible access for

type
Part Synchr.
program action
r w r w
Actual position
$VA_IS[axis] Safe actual position NCK DOUBL x x
monitoring channel E
$AA_IM[axis] Actual MCS setpoint of DOUBL x x
an axis E
$VA_IM[axis] Encoder actual value in DOUBL x x
the machine coordinate E
system
Error status
$A_XFAULTSI In the crosswise data INT x x
comparison between
NCK and drive of any
axis, an actual--value er-
ror has been detected
$VA_XFAULTSI The crosswise data com- INT x x
[axis name] parison for this axis
between NCK and drive
has detected an actual
value error
$VA_STOPSI Current Safety Integrated INT x x
stop of the relevant axis
$A_STOPESI Current Safety Integrated INT x x
STOP E for any axis
Internal SPL inputs/outputs
$A_INSI[n] NCK input n = 1, 2, ... 192 BOOL x x
stands for the num-
ber of the input
$A_INSID[n] NCK inputs n = 1, 2, ... 6 stands INT x x
for the number of
the double word
(32 bit)

© Siemens AG 2015 All Rights Reserved

7-316 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Table 7-10 Overview of system variables, continued

r w r w
$A_INSIP[n] Image, PLC input n = 1,2, ... 192 BOOL x x
stand for the No. of
the input
$A_INSIPD[n] Image of the PLC inputs n = 1, 2, ... 6 stands INT x x
for the number of
the double word
(32 bit)
$A_OUTSI[n] NCK output n = 1, 2, ... 192 BOOL x x x x
stands for the num-
ber of the output
$A_OUTSID[n] NCK outputs n = 1, 2, ... 6 stands INT x x x x
for the number of
the double word
(32 bit)
$A_OUTSIP[n] Image, PLC output n = 1, 2, ... 192 BOOL x x
stands for the num-
ber of the output
$A_OUTSIPD[n] Image of the PLC outputs n = 1, 2, ... 6 stands INT x x
for the number of
the double word
(32 bit)
External SPL inputs/outputs
$A_INSE[n] NCK input n = 1, 2, ... 192 BOOL x x
stands for the num-
ber of the input
$A_INSED[n] NCK inputs n = 1, 2, ... 6 stands INT x x
for the number of
the double word
(32 bit)
$A_INSEP[n] Image of PLC input n = 1, 2, ... 192 BOOL x x
stands for the num-
ber of the input
$A_INSEPD[n] Image of the PLC inputs n = 1, 2, ... 6 stands INT x x
for the number of
the double word
(32 bit)
$A_OUTSE[n] NCK output n = 1, 2, ... 192 BOOL x x x x
stands for the num-
ber of the output
$A_OUTSED[n] NCK outputs n = 1, 2, ... 6 stands INT x x x x
for the number of
the double word
(32 bit)
$A_OUTSEP[n] Image of a PLC output n = 1, 2, ... 192 BOOL x x
stands for the num-
ber of the output

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-317
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Table 7-10 Overview of system variables, continued

r w r w
$A_OUTSEPD[n] Image of the PLC outputs n = 1, 2, ... 6 stands INT x x
for the number of
the double word
(32 bit)
SPL markers and timers
$A_MARKERSI[n] Marker n = 1, 2, ... 192 BOOL x x x x
stands for the num-
ber of the marker
$A_MARKER- Marker n = 1, 2, ... 6 stands INT x x x x
SID[n] for the number of
the double word
(32 bit)
$A_MARKER- Image of the PLC n = 1,2, ...192 BOOL x x
SIP[n] markers stands for the num-
ber of the PLC mar-
ker
$A_MARKER- Image of the PLC n = 1, 2, ... 6 stands INT x x
SIPD[n] markers for the number of
the double word
(32 bit)
$A_TIMERSI[n] Timer n = 1, 2...16 stands REAL x x x x
for the number of
the timer
F_SENDDP
$A_FSDP_ERR_ Response when a com- n = 1, ..., 16 stands INT x x x x
REAC[n] munication error occurs for the number of the
F--SENDDP relations-
hip, is also valid for
$A_FDFSDP_ER-
ROR;,
$A_FSDP_SUBS_ON,
$AFSDP_DIAG
$A_FSDP_ER- There is a communication n = 1, ..., 16 BOOL x x
ROR[n] error
$A_FSDP_SUBS Substitute values are out- n = 1, ..., 16 BOOL x x
_ON[n] put to the application at
F_RECVDP (receiver)
$A_FSDP_DIAG The cause of the commu- n = 1, ..., 16 INT x x
[n] nication error determined
by F_SENDDP is com-
municated

© Siemens AG 2015 All Rights Reserved

7-318 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

Table 7-10 Overview of system variables, continued

r w r w
F_RECVDP
$A_FRDP_SUBS The substitute values, n = 1, ..., 16 stands for INT x x x x
[n] which are output to the the number of the
SPL in certain states, are F--RECVDP relation-
entered ship, is also valid for
$A_FRDP_ERR_REA
C,
$A_FRDP_ACK_REI,
$A_FRDP_ERROR,
$A_FRDP_SUBS_
ON,
$A_FRDP_ACK_REQ
, $A_FRDP_SEND-
MODE,
$A_FRDP_DIAG
$A_FRDP_ERR_ Response when a com- n = 1, ..., 16 INT x x x x
REAC[n] munication error occurs
$A_FRDP_ There is a communication n = 1, ..., 16 BOOL x x
EROR[n] error
$A_FRDP_SUBS Substitute values are n = 1, ..., 16 BOOL x x
_ON[n] output to the application
$A_FRDP_ACK_ Error--free F telegrams n = 1, ..., 16 BOOL x x
REQ[n] are again cyclically
exchanged after a com-
munication error
$A_FRDP_DIAG[ The cause of the commu- n = 1, ..., 16 INT x x
n] nication error determined
by F_RECVDP is com-
municated
$A_FRDP_SEND- Actual operating mode of n = 1, ..., 16 BOOL x x
MODE[n] the F--CPU of the
F_SENDDP communica-
tion partner

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-319
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

Table 7-10 Overview of system variables, continued

r w r w
Miscellaneous
$A_STATSID A value not equal to 0 Bit 0...5=1: CDC error INT x x
means that an error has in I/O signals or mar-
occurred in the crosswise kers or dynamic data
data comparison. of the SENDDP/
RECVDP communica-
tion
Bit 26=1: PROFIsafe
communication error
occurred
Bit 27=1: CDC error in
static data
Bit 28=1: CDC error
”SPL protection
status”
Bit 29=1: Timeout in
the communications
between NCK and
SPL
Bit 30=1: PLC signals
a stop to the NCK

$A_CMDSI Control word for cross- n = 1: Increase the BOOL x x x x

wise data comparison time for the signal
between the NCK and change monitoring
PLC (SPL--CDC) to 10 s

$A_LEVELSID CDC stack level display: 0...320 INT x x

Number of signals for
which NCK and PLC de-
tect different signal levels
$A_PLCSIIN[n] Single--channel commu- 1, 2, ... 96 BOOL x x
nication between NCK
and PLC SPL
$A_PLCSIOUT[n] Single--channel commu- 1, 2, ... 96 BOOL x x x x
nication between NCK
and PLC SPL
$AC_SAFE_SYN Free safety synchronizing [0, MAX_INT] x x
A_MEM elements
$VA_SAFE_TYPE Information about the ac- [0,2] INT x x
[axis] tive safety operating
mode of this axis
Note:
r --> read, w --> write

© Siemens AG 2015 All Rights Reserved

7-320 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

7.5.10 Behavior after power on / mode change / reset

1. After the system has booted, the following Safety Integrated system variables
are assigned the value zero:
$A_INSE(D), not for F_DP communication
$A_OUTSE(D),
$A_OUTSI(D),
$A_MARKERSI(D),
$A_INSEP(D), not for F_DP communication
$A_OUTSEP(D),
$A_OUTSIP(D),
$A_MARKERSIP(D)
$A_INSI(D).
2. Preassignment of other variables before cyclic processing of the NCK--SPL
starts can be programmed in the same part program as the NCK--SPL itself.
To ensure that the pre--assignment instructions are only performed once, they
must use the following syntax:
IDS=<No.> WHEN TRUE DO<Boot instructions>
As a result of the identifier IDS, the events ”operating mode change” and ”reset”
have no effect on the processing of the NCK--SPL.
3. Several boot instructions can be programmed in one block.
4. For the relevant FDP system variables, see Chapter 7.4.8 ”Boot behavior of the
F_DP communication” and the following.

7.5.11 SPL data on the PLC side

The safe programmable logic of the PLC (PLC--SPL) is a sub--function of the

safety functions integrated in the SINUMERIK.

Signals
The PLC--SPL signals are in DB18 and are sub--divided into
1. Parameterization part, and
2. Data area/status.

Parameterization part
SPL_READY:
The SPL_READY = TRUE signal indicates that the commissioning phase has
been completed, i.e. if a CDC error has occurred, the basic program sends a
”STOP D/E” to all the axes.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-321
Connecting Sensors/Actuators 10/15
7.5 Safe programmable logic (SPL)

STOP_MODE:
For crosswise comparison error:
0 = external STOP D
1 = external STOP E
to the drive

Data area/status
SPL_DATA
The useful (net) data for the PLC--SPL is contained in the SPL_DATA structure.
The useful data area is sub--divided into internal inputs/outputs and marker areas
and external inputs/outputs that correspond to the hardware I/Os.
With the appropriate parameterization for external inputs/outputs, the basic pro-
gram transfers the input image of the I/Os to the external inputs in DB 18 and from
the external outputs in DB 18 to the output.
SPL_DELTA
The SPL_DELTA area is used for diagnostics. A signal with the status TRUE in this
area means that the signal is different in the NCK and PLC at this bit position.
CMDSI
Signal CMDSI can be used to extend the timeout value in the crosswise SPL data
comparison by a factor of 10. This extension is used for long forced checking pro-
cedure pulses or single--channel test stop logic functions.
STATSI
A value not equal to 0 means that an error has occurred in the crosswise data
comparison.
LEVELSI
The signal LEVELSI is used for diagnostics and indicates how many signals with
different signal levels are present.
COMM_TO
If communication between NCK and PLC regarding the SPL--CDC is interrupted,
then the PLC is switched into the STOP state with a delay of 5 s. Status signal
DB18.DBB119, bit 5 is used to inform the SPL programmer that the 5 s timer was
started. This means that it is possible to initiate system--specific actions before the
PLC goes into the stop condition.
SPL status signals for SPL_STATUS (DB18.DBB136)
For a detailed description, see Chapter 8.6.3 ”PLC data bock (DB 18)”.

© Siemens AG 2015 All Rights Reserved

7-322 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.5 Safe programmable logic (SPL)

7.5.12 Direct communications between NCK and PLC-- SPL

In SPL applications, a certain degree of single--channel communications between

the two SPLs (NCK and PLC) is always required in addition to safety--related
switching elements being connected through two channels. Testing external stops
and the Emergency Stop acknowledgment are typical applications.
In order to be able to exchange single--channel SI--specific signals between the
NCK and PLC in a dedicated data area, a corresponding communication interface
exists between these components. The meaning of the individual bits in this inter-
face are defined by the user.

NCK PLC
$A_PLCSIOUT[1...96] DB18.DBB128--131, 96 bits from the NCK to PLC
DB18.DBB432--439
$A_PLCSIIN[1...96] DB18.DBB132--135, 96 bits from the PLC to NCK
DB18.DBB440--447

Boundary conditions
System variables $A_PLCSIOUT[1...96] and $A_PLCSIIN[1...96] are protected so
that they cannot be accessed from other programs, except the NCK--SPL program
(SAFE.SPF). A corresponding programming command is rejected with the alarm
17070 ”Channel %1 block %2 Data write--protected”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-323
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

7.6 Safe Brake Test (SBT)

7.6.1 Applications

Axes and mechanical systems can drop due to gravity when the drives are
switched off. The function test of the brake mechanical system should be used for
all axes, which must be prevented from moving in an uncontrolled manner by a
holding brake. This test function is primarily intended for so--called ”vertical axes”.
The functionality is based on ”travel to fixed stop” (FXS). Travel to fixed stop can
be individually parameterized to test the function of the mechanical braking
system. It is activated and deselected from the PLC. For further details on travel to
fixed stop, see /FB1/, F1.
The machine manufacturer can use his PLC user program to close the brake at a
suitable instant in time (guide value, every 8h, see Chapter 1.6.1 ”Information
Sheets of the Employer’s Liability Insurance Association”) and to initiate that the
drive produces an additional force in addition to the weight of the axis. As long as
no fault has occurred, the brake can exert the necessary braking torque / the
necessary braking force and the axis will hardly move.
When an error occurs, the actual position value exits the parameterizable moni-
toring window. This prevents an axis from sagging. The function test of the brake
mechanical system is negatively acknowledged.
The brake test must always be started when the axis is at a standstill. The direc-
tion in which the drive produces its torque / its force is specified by the PLC using a
”traversing motion” via FC 18. The direction of travel should be selected so that the
motor applies force in the direction of the already existing force due to weight as a
result of the load. The target of this motion must be able to be reached without any
danger (no collision, sufficient distance to the end stops), if the brake cannot pro-
vide the necessary torque / force.

Note
When the brake test is active, no temperature compensation may be carried out.

Note
From software release 4.7 SP2, the brake test integrated in the drive can also be
used in conjunction with SINUMERIK Safety Integrated. You can find an
application example on the Internet at our ”Industry Online Support”:

© Siemens AG 2015 All Rights Reserved

7-324 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

7.6.2 Parameterization

The user can use the following axis--specific NCK machine data to parameterize
the function test of the mechanical braking system:

Machine data Description

MD37000 $MA_FIXED_STOP_MODE Enable brake test
MD37030 $MA_FIXED_STOP_THRESHOLD Threshold for fixed stop detection
MD36966 $MA_SAFE_BRAKETEST_TORQUE Enters the test torque
MD36967 $MA_SAFE_BRAKETEST_POS_TOL Position tolerance, brake test
MD36968 $MA_SAFE_BRAKETEST_CONTROL Bit 0 = 0: Drive MD 1192/p1532 is used as the
average value of the torque limit.
Bit 0 = 1: The measured torque at the instant in
time that the brake test is selected is used as the
average value of the torque limit.
Bit 1 = 0: The torque limit value must be reached
during the programed travel distance.
Bit 1 = 1: The torque limit value must be reached
during the programed time (TV_FXSreached para-
meterization FB11).

The function test of the mechanical braking system is enabled by setting bit 1 in
MD37000 $MA_FIXED_STOP_MODE. If the user needs to travel to a fixed stop
with this axis from the part program, bit 0 can also be set. It is internally monitored
to check that only one type of travel to fixed stop is active at a time. In the case of
an error, Alarm 20092, ”Axis % Travel to fixed stop still active” is issued.

MD37000 $MA_FIXED_STOP_MODE: Travel to fixed stop mode

The function test of the mechanical braking system is enabled by setting bit 1 in
MD37000 $MA_FIXED_STOP_MODE. If the user needs to travel to a fixed stop
with this axis from the part program, bit 0 can also be set. It is internally monitored
to check that only one type of travel to fixed stop is active at a time. In the case of
an error, Alarm 20092, ”Axis % Travel to fixed stop still active” is issued.

MD37030 $MA_FIXED_STOP_THRESHOLD: Threshold for fixed stop reached

The contour deviation that is determined is always used in the brake test to detect
that the fixed stop has been reached. The parameterization in MD37040 $MA_
FIXED_STOP_BY_SENSOR is therefore irrelevant. The required threshold value
must be set in MD37030 $MA_FIXED_STOP_THRESHOLD. This means that the
traversing distance from the PLC via FC 18 must be greater than this threshold
value.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-325
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

If the travel distance that is entered is too short, after the end position is reached
on the setpoint side, Alarm 20096 ”Axis %1 brake test aborted, additional informa-
tion %2” is output. The supplementary info contains the value 2 ”End position
reached, motion stopped”.

MD36966 $MA_SAFE_BRAKETEST_TORQUE: Holding torque, brake test

The machine manufacturer must parameterize the required brake test torque as
percentage in the axis--specific MD36966 $MA_SAFE_BRAKETEST_TORQUE.
The magnitude of the torque to be configured is orientated to the maximum holding
force of the brake, according to the data sheet, that should be checked. Internally,
this is used to calculate the drive torque that is required in addition to the weight of
the axis to load the brake. The drive torque to load the holding brake is limited to
the maximum motor torque if the desired test torque would require a higher drive
torque.
Value for MD36966 = (test torque of the brake / p2003) * 100
The value from $MA_SAFE_BRAKETEST_TORQUE refers to the reference
torque or the reference force from drive parameter p2003, whose image is saved in
$MA_SAFE_BRAKETEST_TORQUE_NORM.
The magnitude of the torque to be configured is orientated to the maximum holding
force of the brake to be tested.
Incorrect parameterization in MD $MA_SAFE_BRAKETEST_TORQUE could
mean that the drive with reduced torque cannot even apply the required holding
torque. These parameter assignments are detected when the brake test is se-
lected and results in Alarm 20095 ”Axis %1 inadmissible holding torque %2”.

MD36967 $MA_SAFE_BRAKETEST_POS_TOL: Position tolerance, brake test

The monitoring window for the maximum permissible movement during the brake
test is defined in the axis--specific MD36967 $MA_SAFE_BRAKE-
TEST_POS_TOL. The PLC actively monitors this position window -- from the start
of the brake test and not only when it has been detected that the fixed stop has
been reached. This is a difference when compared to activating the traversing to
the fixed stop function from the part program.

MD36968 $MA_SAFE_BRAKETEST_CONTROL, bit 0: Sequence check for the

brake test
Principally, the automatic determination of the load torque available using
MD36968 $MA_SAFE_BRAKETEST_CONTROL, bit 0 = 1 is preferred. This is
because over the complete traversing path of a suspended axis the torque situa-
tion continually changes to some extent or the other. The torque situation is, e.g.
dependent on the different tools/workpieces being used and can vary significantly.
Using the automatic torque determination function, the instantaneous holding
torque available at standstill is automatically determined (mAct from Fig. 7-35) and
is temporarily used as average value for the torque limiting in the drive. In this
case, it must be ensured that at the start of the test, the brake is open, otherwise
an incorrect reference value will be determined. With the automatic torque deter-

© Siemens AG 2015 All Rights Reserved

7-326 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

mination function, the plausibility of the load torque is not checked. The currently
available holding torque is displayed in r1509 ”Force setpoint before force limiting”.
If the automatic torque determination function is not used (MD36968
$MA_SAFE_BRAKETEST_CONTROL, bit 0 = 0), then p1532 ”Torque limit offset”
should be parameterized. Also in this case, when selecting the brake test, the
holding torque required for the force due to the weight is internally measured and
the effective brake test torque adapted. Contrary to the automatic torque determi-
nation function, the plausibility of the load torque is checked.

MD36968 $MA_SAFE_BRAKETEST_CONTROL, bit 1: Criterion for reaching the

torque limit
The brake test sequence requires that during the programmed traversing distance,
the torque limit is reliably reached (MD36968 $MA_SAFE_BRAKETEST_CON-
TROL, bit 1 = 0).
If the programmed traversing distance is very short, e.g. as a result of restricted
space for the axis to move, then it can occur that the required limit value is not
reached in the short time that the axis moves (Alarm 20096 ”Axis %1 Brake test
aborted, additional information %2”).
Using MD36968 $MA_SAFE_BRAKETEST_CONTROL, bit 1 = 1, reaching the
programmed end position is no longer used as criterion for aborting the test. This
means that using its monitoring timer, the PLC itself can decide the wait time until
the torque limit is reached. The test can be continued if, during this time,
DB31--61.DBX62.5 is set = 1. If the torque limit is not reached, the PLC exits the
brake test with DB31--61.DBX11.0 = 0.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-327
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

m
Upper torque limiting + mFXS
Torque
limiting +
mFXS

3 mFXS
MD36966

2 mDrive
Torque
limiting
p1532 1 mAct

0
3 mFXS t

2 mDrive

Torque
limiting --
mFXS Uower torque limiting -- mFXS

Figure 7-35 Torque limiting for SINAMICS S120

When selecting the brake test, the holding torque required for the force due to the
weight of the axis is internally measured (mAct).

The drive must only additionally provide the difference between this torque and the
braking torque from MD36966 $MA_SAFE_BRAKETEST_TORQUE. In the 7-35
diagram, this torque is designated with mDrive.

For the non automatic torque determination function, the following applies: The
torque limiting of SINAMICS is symmetrical around the torque from drive para-
meter p1532. In the diagram 7-35 the measured torque mAct is however less than
p1532.
This is the reason that mFXS from Fig. 7-35 is entered as torque limiting.
mFXS is the sum from mDrive and drive parameter p1532. If the measured torque
mAct matches that parameterized in drive parameter p1532, mFXS becomes the
value from the MD $MA_SAFE_BRAKETEST_TORQUE.

© Siemens AG 2015 All Rights Reserved

7-328 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

7.6.3 Torque limits

The torque limits p1520[0] and p1521[0] and the reference torque p2003 are pre--
assigned when commissioning the motor. The torque limits and the reference
torque are pre--assigned differently depending on the technological application
p0500 and dependent on the hardware components being used.
Further, the torque limits p1522[0] and p1523[0] are pre--assigned as follows:
p1522[0] 63:2902:5 reference to +100% referred to p2003 in the same Motor
Module
p1523[0] 63:2902:12 reference to --100% referred to p2003 in the same Motor
Module
When using the safe brake test, these pre--assignments for p1522[0] / p1523[0]
may not be changed.
However, when upgrading the software, the following setting, which is also per-
missible, can be present:
p1522[0] 0:1.0 100% of p2003
p1523[0] 63:2900.0 reference to p2900 in the same Motor Module
p2900[0] --100% --100% of p2003
To ensure that the brake test functions without any errors, it should be checked as
to whether the required test torque in MD36966 $MA_SAFE_BRAKETEST_TOR-
QUE is not prevented from being generated due to the fact that torque limits are
effective in the drive. For details on this, please see SINAMICS List Manual, e.g.
function charts 5610 and 5620.
For instance, the selectable torque limits from p1520/p1521 and p1522/p1523 may
not be set so low that the required torque cannot be established for the brake test.
When required, p1520/p1521 or p2003 should be adapted. When making a change
to p2003, machine data 36966 should be re--determined.
Further, e.g. the following parameters can also have a limiting effect:
p1530/p1531 (power limit, motoring/regenerating)
p0640 (current limit)
p0326 (motor stall torque correction factor)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-329
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

7.6.4 Traversing direction for the brake test

The brake test must always be started when the axis is at a standstill. The direc-
tion in which the drive produces its force is specified by the PLC using the direction
specified by the traversing motion of FC18. For a brake test, the motor should
apply a force to the brake that is applied in addition to the force due to weight. The
target of this traversing motion must be able to be reached without incurring any
potential hazard (sufficient clearance to end stops) for the case that the brake can-
not provide the necessary force. As part of the application, the position can be
interrogated using conventional cams (not safety cams, as this is not a safety--
related function) that then define the traversing direction of the axis via FC8 during
the braking test.
If a brake test is executed against the force due to weight, in spite of the closed
brake, the motor must generate a torque corresponding to the force due to weight
and the test torque.
Note when using MD36968 $MA_SAFE_BRAKETEST_CONTROL, bit 0 = 0:
If a traversing direction is selected that opposes the force due to the weight, Alarm
”20097 axis %1 incorrect direction braking test” is initiated, if the actual torque,
when selecting the brake test deviates by more than 7.5% of MD36966
$$MA_SAFE_BRAKETEST_TORQUE from drive parameter p1532. This alarm
indicates that the brake test was executed with a torque that was incorrect by more
than 15%. Principally, the automatic determination of the available load torque
using MD 36968 $MA_SAFE_BRAKETEST_CONTROL, Bit 0 = 1 is the preferred
solution (see Chapter 7.6.2, Section MD36968 $MA_SAFE_BRAKETEST_CON-
TROL: Sequence control for the brake test).

7.6.5 Brake control for SINUMERIK 840D sl

If Safety Integrated is activated for an axis, then the brake can be closed using the
interface signal ”Close brake”, DB31--61, DBX23.5. The feedback signal is realized
using the interface bit ”Motor holding brake open”, DB31--61, DBX92.5. This in-
volves a single--channel control configuration. If the brake is to be safely controlled,
then the SBC function integrated in the drive must also be activated. The interface
bits for the brake, only activated in conjunction with Safety Integrated, have a
higher priority than the standard interface signal DB31--61, DBX20.5 ”Open motor
holding brake”. The ”Extended brake control” function of the S120 is used inde-
pendently of SBT.

© Siemens AG 2015 All Rights Reserved

7-330 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

7.6.6 Sequence

Warning
! The brake test must be carried out before carrying out the test stop. If the brake
test was not successful (i.e. the brake cannot hold the axis), then it is not
permissible that the test stop is carried out. Users must carefully take this into
consideration when configuring the brake test and test stop. The brake may only
be tested when the axis is in an absolutely safe position.

The brake test must always be started when the axis is at a standstill. For the
entire duration of the brake test, the enable signals of the parameterized axis must
be set to enable (e.g. the controller inhibit, feed enable signals). It must be ensured
that the feed override of 100% is effective.

Monitoring limits of the PLC sequence signals

Step Status/expected feedback Monitoring time value

Activate brake test DBX 11.0 = 1 TV_BTactiv
Brake test active DBX 71.0 = 1 TV_BTactiv
Close brake DBX 23.5 = 1 TV_Bclose
Brake closed DBX 92.5 = 0 TV_Bclose
Output traversing command DBX 64.6 or DBX 64.7 TV_FeedCommand
Check, output traversing command DBX62.5 = 1 TV_FXSreached
Wait for the holding time DBX62.5 = 1 TV_FXShold
De--select brake test/open brake DBX71.0 = 0 TV_BTactiv

The PLC signals described here are used in or as parameters in the basic program
blocks FB 11 and FC 18.
For a PLC--monitored/controlled axis, also see:
Reference: /FB2/, P2 ”Autonomous single--axis processes”

Note
The signals shown here are only intended for diagnostics and providing an
understanding. The signals should not be influenced by the user program
elsewhere.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-331
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

Sequence to test the mechanical braking

Before the brake test can be started via FB 11 (from the basic program), the NC
axis to be tested must be transferred to the PLC as ”PLC--controlled axis” During
the complete test, the axis must remain a PLC--controlled axis. Start via FB 11 can
be made after the transfer to the PLC.
The start parameter of the FB 11 must be continuously at 1 during the complete
test. With MD36968 $MA_SAFE_BRAKETEST_CONTROL bit 0 =1, shortly before
the brake is closed, the actual holding torque is determined and is temporarily used
in the drive as average value for the torque limiting. After the brake is closed, the
PLC--controlled axis is traversed in the specified direction against the brake using
FC 18. If the fixed stop is detected (”Fixed stop reached” DB31--DB61, DBX62.5),
the PLC interrupts the traversing motion (FC 18 is exited with error 30).
The reduced torque limits are withdrawn and the brake is re--opened.

© Siemens AG 2015 All Rights Reserved

7-332 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

PLC NCK
START
Transfer axes to PLC
DB31..61.DBX63.1=1 *: Motor brake connected to
S120. The control and
feedback signal must be
No PLC adapted for an
axis external/additional brake.

Y
e
-- Start FB11 Start brake test
s -- Determine holding torque
-- Start TV_BTactiv DB31..61.DBX11.0 = 1 -- Torque limiting
(time until feedback signal reduction
that SBT is active)

Brake test active

-- Start timer TV_Bclose
DB31..61.DBX71.0 = 1
(time until the brake closed
feedback signal) Close brake *
DB31..61.DBX23.5 = 1 -- Feedback signal, brake
closed
-- FB11 outputs a travel command Brake closed *
-- Start timer TV_FeedCommand DB31..61.DBX92.5 = 0
(time up to the traversing
command output)
MoveAxis

-- Start timer TV_FXSreached Output traversing command -- Detect the fixed stop
(time up to fixed DB31..61.DBX64.6 = 1 or with
stop reached) DB31..61.DBX64.7 = 1 -- Contour deviation
-- Traverse axis against -- Reaching the
closed brake at standstill torque limit
(Start FC18)

-- Start timer TV_FXShold Fixed stop reached

(time period that the DB31..61.DBX62.5 = 1
motor applies force against
the brake)
Exit brake test
DB31..61.DBX11.0 = 0
Delete traversing command
-- Monitoring time DB31..61.DBX64.6 = 0 or
expired DB31..61.DBX64.7 = 0 -- Withdraw reduced
-- Delete traversing command torque limitation
-- Exit brake text in the Brake test no longer active
NCK DB31..61.DBX71.0 = 0
-- Start TV_BTactiv Delete fixed stop reached
DB31..61.DBX62.5 = 0
-- Open brake
-- Output FB11 Done Open brake *
DB31..61.DBX23.5 = 0
END

Figure 7-36 Sequence, function test of the mechanical brake system

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-333
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

7.6.7 Description of FB11

Declaration of the function:

VAR_INPUT
Start : BOOL ; //Start of the brake test
Ackn : BOOL ; //Acknowledge error
Bclosed : BOOL ; //Brake closed input (single channel -- PLC)
Axis : INT ; //Testing axis No.
Timer No : TIMER ; //Timer from user
TV_BTactiv : S5TIME ; //TimeValue --> brake test active
TV_Bclose : S5TIME ; //TimeValue --> close brake
TV_FeedCommand : S5TIME ; //TimeValue --> force FeedCommand
TV_FXSreached : S5TIME ; //TimeValue --> Fixed stop reached
TV_FXShold : S5TIME ; //TimeValue --> test brake
END_VAR
VAR_OUTPUT
CloseBrake : BOOL ; //Signal Close brake
MoveAxis : BOOL ; //do move axis
Done : BOOL ;
Error : BOOL ;
State : BYTE ; //Errorbyte
END_VAR
The following table lists all of the formal parameters of the brake test function:

Signal Type Type Remark

Start E BOOL Starts the brake test
Ack E BOOL Acknowledge fault
Bclosed E BOOL Feedback signal input as to whether the brake has been
closed (single--channel PLC)
Axis E INT Number of the axis to be tested
TimerNo E TIMER Timer from user program
TV_Btactiv E S5TIME Monitoring time --> brake test active. Check the axis signal
DBX71.0
TV_Bclose E S5TIME Monitoring time --> close brake. Check the input signal
Bclosed after the CloseBrake output was set.
TV_FeedCommand E S5TIME Monitoring time --> output traversing command. Check
traversing commands after MoveAxis has been set.
TV_FXSreached E S5TIME Monitoring time --> fixed stop reached
TV_FXShold E S5TIME Monitoring time --> test brake
CloseBrake A BOOL Request, close brake
MoveAxis A BOOL Request, initiate traversing motion
Done A BOOL Test successfully completed

© Siemens AG 2015 All Rights Reserved

7-334 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

Signal Type Type Remark

Error A BOOL Error has occurred
State A BYTE Error status

FB11 error identifiers

State Meaning
0 No error
1 Start conditions not fulfilled, e.g. axis not under closedloop control/brake closed/
axis disabled
2 No NC checkback in ”Brake test active” signal on selection of brake test
3 No ”Brake applied” checkback by input signal Bclosed
4 No traversing command output (e.g. axis motion has not been started)
5 Fixed stop not reached --> axis reset was initiated
6 Traversing inhibit/approach too slow --> fixed stop cannot be reached. Monitoring
time TV_FXSreached has expired.
7 Brake is not holding at all (the end position is reached)/approach speed is too high
8 Brake opens during the holding time
9 Error when deselecting the brake test
10 Internal error
11 ”PLC--controlled axis” signal not enabled in the user program

Note
The block must be called by the user program. The user must provide an instance
DB with any number for this purpose. The call is multi--instance--capable.

Additional alarm support

To support the commissioning of the brake test Alarm 20096, ”Axis %1 brake test
aborted, additional information %2” can be enabled with MD11411 $MN_ENABLE_
ALARM_MASK, bit 5 = 1. This alarm supplies more detailed information if the
brake test is interrupted.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-335
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

7.6.8 Application example

Information and notes for typical applications are provided as example in the follo-
wing description.

Parameterization of the machine data

Machine data Value Description

MD37000 $MA_FIXED_STOP_MODE 2H Enable brake test
MD37030 $MA_FIXED_STOP_THRESHOLD 2 mm Threshold for fixed stop detection. The
value must be less than the traversing
distance of the FC 18
MD36966 $MA_SAFE_BRAKETEST_TORQUE % Enter test torque referred to p2003
MD36967 $MA_SAFE_BRAKETEST_POS_TOL 1 mm Position tolerance, brake test
MD36968 $MA_SAFE_BRAKETEST_CONTROL 1 Bit 0 = 1: The measured torque at the
instant in time that the brake test is selected
is used as the average value of the reduced
torque limit.

MD37000 $MA_FIXED_STOP_MODE, bit1 = 1 is the prerequisite for the SBT; only

then does the NCK evaluate the PLC signal ”Start brake test” If this is not the
case, a timeout after the brake test has started ensures that the SBT (FB11) is
aborted (see Fig. 7-36 ”Sequence function test of the mechanical braking system”).
If, when starting the brake test using axis DB.DBX11.0 = 1, it is identified that for
this axis MD36901 $MA_SAFE_FUNCTION_ENABLE = 0, then Alarm 27033
”Axis %1 parameterization of the MD %2[%3] invalid, error code %4” is output.
If the ”travel to fixed stop” function is used elsewhere, then the parameterization of
the fixed stop alarms should be adapted. The fixed stop alarms should be para-
meterized as follows for the brake test:

MD37050 $MA_FIXED_STOP_ALARM_MASK 2H Enable fixed stop alarms

MD37052 $MA_FIXED_STOP_ALARM_REACTION Bit 0 --4 =1 Response, fixed stop alarms

Example of calling FB11

AUF DB37 //Brake test Z axis
UN DBX 92.5 //Feedback signal, brake open
= M 111.5 //Brake Z axis is closed
O E 7.5; //Initiates the brake test, Z axis
O M 110.7 //Brake test already started
FP M 110.0 //Edge marker
UN M 111.4 //Fault has occurred
S M 110.7 //Brake test running

© Siemens AG 2015 All Rights Reserved

7-336 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

S M 110.6 //Start
SPBN m001 //Conditional jump
L DBB 68 //Load channel state
UW W#16#F //Mask bits
T MB 115 //Note channel state
L B#16#10 //Load fixed value
T DBB 8 //Request neutral axis
m001: NOP 0 //Jump mark
U DBX 68.6 //Feedback signal, axis is neutral
U M 110.6 //Start
FP M 110.1 //Edge marker
R M 110.6 //Start
S M 110.5 //Step 1
S DBX 28.7 //Request PLC monitored axis
U DBX 63.1 //Feedback signal, the PLC is monitoring the axis
U M 110.5 //Step 1
FP M 110.2 //Edge marker
R M 110.5 //Step 1
S M 111.0 //Start FB 11
CALL FB 11 , DB211 //Brake test block
Start := M111.0 //Start brake test
Quit := E3.7 //Acknowledge error with reset key
Bclosed :=M111.5 //Feedback signal brake not open
Axis := 7 //Axis number of axis to be tested, Z axis
TimerNo :=T 110 //Timer number
TV_BTactiv :=S5T#200MS //Monitoring time value: Brake test active
DBX71.0
TV_Bclosed :=S5T#1S, //Monitoring time value: Brake closed
TV_FeedCommand:=S5T#1S //Monitoring time value: Traversing command
output
TV_FXSreached := S5T#1S, //Monitoring time value: Fixed stop reached
TV_FXShold := S5T#2S, //Monitoring time value: Brake test time
CloseBrake := DB37.DBX23.5 //Request close brake
MoveAxis := M111.2, //Request, initiate traversing motion
Done := M111.3, //Test successfully completed
Error := M111.4, //Error occurred
State := MB112 //Error status
AUF DB 37 //Brake test Z axis
U M 111.2 //Move axis
FP M 111.5 //FC18 start
S M 111.7 //Start FC18
O M 111.3 //Test successfully completed
O M 111.4 //Error has occurred
FP M 110.3 //Edge marker
R DBX 28.7 //Request, PLC monitored axis
UN DBX 63.1 //Feedback signal, the PLC is monitoring the axis
U M 111.0 //Start the brake test for FB
U M 110.7 //Brake test running

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-337
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

SPBN m002 //Conditional jump

L MB 115 //Load noted channel state
OW W#16#10 //Mark bits
T DBB 8 //Request channel axis
m002: NOP 0;
CALL FC 18 //Traverse Z axis
Start :=M 111.7 //Start of traversing motion
Stop := FALSE //Not used
Funct := B#16#5 //Mode: Axis mode
Mode := B#16#1 //Traverse: Incremental
AxisNo := 7, //Axis number of the axis to be traversed, Z--axis
Pos := --5.000000e+000, // Distance traversed: Minus 5 mm
FRate := 1.000000e+003, //Feed: 1000 mm/min
InPos := M 113.0, //Position reached
Error := M 113.1 //Error has occurred
State := MB 114 //Error status
AUF DB 37 //Open axis DB
U M 113.0 //Position reached
O M 113.1 //Error has occurred
FP M 113.2 //Edge marker
R M 111.7 //Start FC18
U E 3.7 //Reset MCP
SPBN end //Conditional jump
U M 111.4 //Error has occurred
= DBX 28.1 //Acknowledge error with axis reset
R M 111.0 //Start FB 11
R M 110.7 //Brake test running
end: NOP 0

Determining the test torque, MD36966 $MA_SAFE_BRAKETEST_TORQUE

When determining the test torque MD36966 $MA_SAFE_BRAKETEST_TORQUE,
the maximum holding torque that occurs must first be determined. The maximum
occurring holding torque can be determined in r1509 by traversing the axis to
various positions with different forces / torques due to weight (tools or workpieces).

© Siemens AG 2015 All Rights Reserved

7-338 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

Examples to determine MD36966 $MA_SAFE_BRAKETEST_TORQUE,

p2003=100Nm:

Max. holding torque Test torque Actual torque limit before

M0max r1509 MT=M0max + 30 % SBT MT*0.85
20Nm = 20 % 26 % 22.1 %
30Nm = 30 % 39 % 33.15 %
40Nm = 40 % 52 % 44.2 %
50Nm = 50 % 65 % 55.3 %
60Nm = 60 % 78 % 66.3 %
70Nm = 70 % 91 % 77.4 %

The ”limit value of the actual torque before SBT” shown here, indicates that the
actual torque, automatically determined before the SBT, must not be lower, as
otherwise Alarm 20095 ”Axis %1 inadmissible holding torque” is output.

The test results are evaluated

Analysis using servo trace

The signal characteristics must be viewed in order to evaluate the brake test. The
behavior during the brake test can be recorded using the servo trace:
Signal selection
Control deviation
Following error
Torque limit
Torque--generating actual current value i(q)
Measurement parameters
Measurement time: 4000 ms
Trigger: No trigger

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-339
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

Figure 7-37 Servo trace brake test

© Siemens AG 2015 All Rights Reserved

7-340 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

Analysis with SinuCom NC ATW

In conjunction with the acceptance test, SinuCom NC is part of the automatic
acceptance test ATW for SBT.

Figure 7-38 Safe brake test with Sinucom NC ATW

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-341
Connecting Sensors/Actuators 10/15
7.6 Safe Brake Test (SBT)

Torque limiting when testing the SBT

Reducing the torque limit, at the end of the test,
the limit is set to 0 in order to re--establish the
additional torque to be generated.

Required torque when testing the SBT

During the test, an additional torque is established,
and at the end is withdrawn again.

Actual position when testing the SBT

Axis motion is minimal if the brake was successfully
tested. The holding current re--establishes itself at
the end of the SBT and opening the brake. Here,
a slight sag can be seen.

Setpoint of the axis--specific feed

Setpoint is output and the following error built--up.

© Siemens AG 2015 All Rights Reserved

7-342 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.6 Safe Brake Test (SBT)

7.6.9 Boundary conditions

S When testing the mechanical braking system, it is not permissible that traverse
to fixed stop (FXS) or traversing with a limited torque, FOC are simultaneously
active. In this case, Alarm 20092, ”Axis %1 travel to fixed stop still active” is
triggered.
S During the brake test, contour monitoring is not active. After the PLC has
started traversing motion then there is also no standstill monitoring.
S The function test/check of the brake mechanical system cannot be used for
gantry axes.
S For other ”travel to fixed stop” applications, machine data MD37050 $MA_
FIXED_STOP_ALARM_MASK and MD37052 $MA_FIXED_STOP_
ALARM_REACTION should be adapted.
S If FC18 is called for the same axis in the remainder of the user program, the
calls must be mutually interlocked. For example, this can be achieved via a
common call of this function with an interlocked common data interface for the
FC 18 parameters. An additional option is to call the FC 18 a multiple number of
times, in which case the inactive FC 18 must be skipped. An interlock against
being used a multiple number of times must be provided.
S The feed override should be set to 100% so that the required velocity can be
reached during the test. If this is realized via the interface, then it should be
carefully noted that if the brake test is not successful, then the override does
not statically remain at 100%. As an alternative to directly writing to the inter-
face, a message can be generated.
S The torque limits change when a parameter set is changed over.
S Changing the reference torque p2003 means that the use of a referred torque
quantity results in a different dynamic behavior. If p2003 is changed then this
alters the system behavior when the brake test is performed. In order to avoid
this, when booting, the NCK system software reads out the value from p2003
and saves it in MD $MA_SAFE_BRAKETEST_TORQUE_NORM. For each
additional control boot, MD36969 $MA_SAFE_BRAKETEST_TORQUE_NORM
is checked for changes and where relevant, Alarm 27039 ”Axis %1 parame-
terization MD %2[%3] changed, confirmation and functional test required!” is
displayed. MD36969 $MA_SAFE_BRAKETEST_ TORQUE_NORM, is included
in the axis--specific checksum $MA_SAFE_ACT_CHECKSUM[0].
S With simultaneous use of the extended brake control (r0108.14=1) and dynamic
stiffness control control (MD32640 $MA_STIFFNESS_CONTROL_ENABLE=1),
the factory setting p1152=r0899.15 must be changed (”disconnected”), and
p1152 must be set to 1.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-343
Connecting Sensors/Actuators 10/15
7.7 Safety Info Channel and Safety Control Channel

S Master--slave: The automatic test of the mechanical braking system has not
been released for master--slave couplings, as mechanical damage cannot be
fully excluded if the brake is defective due to the wide range of different
couplings available. When using a master--slave configuration, it must be de-
cided as to whether a temporary or a permanent coupling is involved. A tem-
porary coupling can be disconnected (released) before testing the mechanical
brake system so that the individual brakes are tested.
S Gantry group: The automatic test of the mechanical braking system is not
released for gantry groups, as mechanical damage cannot be fully excluded if
the brake is defective due to the wide range of different couplings.

7.7 Safety Info Channel and Safety Control Channel

Safety Info Channel

The Safety Info Channel (SIC) enables Safety Integrated functionality status infor-
mation of the drive to be transmitted to the higher--level motion control system. As
a consequence, for safety STOP responses of the drive (e.g. for STO) the motion
control is informed, so that it can respond in the best possible way. This means
that in situations such as these e.g. no additional setpoints are issued for the path,
which means that no follow--on/subsequent alarms occur that have to be acknowl-
edged. Any types of setpoint inputs, e.g. override, F or S program blocks, are
blocked by the setpoint speed limiting transferred in the SIC.
Further, the status information is made available in the PLC user interface. This
gives users the option of initiating the appropriate responses in the PLC user
program to the safety functions of the drive.

Safety Control Channel

Using the Safety Control Channel (SCC), control information is sent to the safety
functions of the drive via the higher--level control. This means that functions, such
as a brake test or a test stop, can be selected in the drive.

Use in the ”Sinumerik Safety Integrated” operating mode

This functionality is used in the following cases in the ”SINUMERIK Safety Inte-
grated” operating mode:
S Connecting external Sinamics drives with safety functionality integrated in the
drive, which are assigned to an NC axis, to the motion control.
S Using the brake test functionality integrated in the drive for the NC axes with
SINUMERIK Safety Integrated monitoring enabled.

© Siemens AG 2015 All Rights Reserved

7-344 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Connecting Sensors/Actuators
7.7 Safety Info Channel and Safety Control Channel

Note
The hardware configuration for both cases are described in an application
example, which you can find on the Internet in our ”Industry Online Support”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 7-345
Connecting Sensors/Actuators 10/15
7.7 Safety Info Channel and Safety Control Channel

Notes

© Siemens AG 2015 All Rights Reserved

7-346 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Data Description 8
8.1 Machine data for SINUMERIK 840D sl

8.1.1 Overview of the machine data

The checksum data have the following meanings:

Axis--specific checksums

CRC Functionality Change results in an alarm

AX[0] Monitoring functionality 27032 ”Axis %1 checksumme error safe monitoring.
Confirmation and acceptance test are required!”
AX[1] SINAMICS HW dependent data 27035 ”Axis %1 new HW component, acknowledgment and
function test required”
AX[2] SINAMICS coupling 27060 ”Axis %1 checksum error of drive assignment.
Confirmation and acceptance test required”

NCK checksums

CRC Functionality Change results in an alarm

NCK[0] Safe communication; SPL I/O 27070 ”Checksum error, SPL parameter assignment, and
connection; SPL functionality SPL interfaces. Confirmation and acceptance test are
required!”
NCK[1] User SPL configuration 27071 ”Checksum error, safe SPL parameterization.
Confirmation and acceptance test are required”
NCK[2] Enable I/O connection 27072 ”Checksum error, enabling safe communication.
Confirmation and acceptance test required”
NCK[3] PROFIsafe--CRC1 27073 ”Checksum error, S7 PROFIsafe configuration.
Confirmation and acceptance test required.

---- means: This data is not calculated into any checksum.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-347
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

Table 8-1 Machine data overview for SINUMERIK 840D sl

Number Identifiers Name Checksums MD

General ($MN_ ...)
10050 SYSCLOCK_CYCLE_TIME Basic system clock cycle, see /FB1/, G2 ----
10060 POSCTRL_SYSCLOCK_TIME_RATIO Factor, position controller clock cycle, ----
see /FB1/, G2

10070 IPO_SYSCLOCK_TIME_RATIO Factor, interpolator clock cycle ----

10071 IPO_CYCLE_TIME Interpolator clock cycle NCK[0]
10089 SAFE_PULSE_DIS_TIME_BUSFAIL Wait time pulse cancellation when the bus AX[0]
fails
10090 SAFETY_SYSCLOCK_TIME_RATIO Factor for monitoring clock cycle ----
10091 INFO_SAFETY_CYCLE_TIME Display, monitoring clock cycle time AX[0]
10092 INFO_CROSSCHECK_CYCLE_TIME Displays the clock cycle time for a cross- ----
wise data comparison
10093 INFO_NUM_SAFE_FILE_ACCESS Number of SPL file access operations ----
10094 SAFE_ALARM_SUPPRESS_LEVEL Alarm suppression level ----
10095 SAFE_MODE_MASK, Bit 1 Safety Integrated operating modes NCK[2]
NCK[0]
10096 SAFE_DIAGNOSIS_MASK Safety Integrated diagnostic functions ----
10097 SAFE_SPL_STOP_MODE Stop response for SPL errors NCK[0]
10098 PROFISAFE_IPO_TIME_RATIO Factor PROFIsafe communications clock NCK[0]
cycle time

10099 INFO_PROFISAFE_CYCLE_TIME PROFIsafe communications clock cycle ----

time
10200 INT_INCR_PER_MM Computational resolution for linear positions ----
see /FB1/, G2

10210 INT_INCR_PER_DEG Computational resolution for angular ----

positions see /FB1/, G2

10385 PROFISAFE_MASTER_ADRESS PROFIsafe address of the F master NCK[0]

10386 PROFISAFE_IN_ADRESS PROFIsafe address of an input module NCK[0]
10387 PROFISAFE_OUT_ADRESS PROFIsafe address of an output module NCK[0]
10388 PROFISAFE_IN_ASSIGN Assignment between an ext. SPL interface NCK[0]
$A_INSE and a PROFIsafe input module
10389 PROFISAFE_OUT_ASSIGN Assignment between an ext. SPL interface NCK[0]
$A_OUTSE and a PROFIsafe output
module

10393 SAFE_DRIVE_LOGIC_ADDRESS Logical drive addresses, SI AX[2]

11500 PREVENT_SYNACT_LOCK Protected synchronized actions ----
11602 ASUP_START_MASK Ignore stop conditions for ASUB ----
11604 ASUP_START_PRIO_LEVEL Priorities as of which ASUP_START_MASK ----
takes effect
11411 ENABLE_ALARM_MASK Activation of alarms ----
11415 SUPPRESS_ALARM_MASK_2 Suppress alarm outputs ----
13300 PROFISAFE_IN_FILTER F useful (net) data filter IN NCK[0]
13301 PROFISAFE_OUT_FILTER F net (useful) data filter OUT NCK[0]

© Siemens AG 2015 All Rights Reserved

8-348 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

Table 8-1 Machine data overview for SINUMERIK 840D sl, continued

Number Identifiers Name Checksums MD

13302 PROFISAFE_IN_ENABLE_MASK Enable screen of the connections to NCK[2]
PROFIsafe input modules
13303 PROFISAFE_OUT_ENABLE_MASK Enable screen form of the connections to NCK[2]
PROFIsafe outputs modules
13304 PROFISAFE_IN_SUBS_ENAB_MASK Activation of the substitute value output for NCK[2]
PROFIsafe input modules
13305 PROFISAFE_IN_SUBS Substitute values for passive connections to NCK[0]
PROFIsafe input modules
13307 PROFISAFE_IPO_RESERVE Number of IPO clock cycles without
PROFIsafe calculations
13308 PROFISAFE_IN_NAME Name of the PROFIsafe input module ----
13309 PROFISAFE_OUT_NAME Name of the PROFIsafe output module ----
13310 SAFE_SPL_START_TIMEOUT Delay, display Alarm 27097 ----
13312 SAFE_SPL_USER_DATA User SPL data is changed NCK[1]
13316 SAFE_GLOB_CONFIG_CHANGE_DATA Date/time of the last change SI--NCK--MD ----
13317 SAFE_GLOB_PREV_CONFIG Data, previous safety configuration ----
13318 SAFE_GLOB_ACT_CHECKSUM Actual checksum NCK ----
13319 SAFE_GLOB_DES_CHECKSUM Reference checksum ----
13320 SAFE_SRDP_IPO_TIME_RATIO Factor F_DP communication clock cycle NCK[0]
13322 INFO_SAFE_SRDP_CYCLE_TIME Maximum F_DP communication clock cycle ----
13330 SAFE_SDP_ENABLE_MASK Enable screen form F_SENDDP communi- NCK[2]
cation relationships
13331 SAFE_SDP_ID Identifier of the F_SENDDP communication NCK[0]
relationship
13332 SAFE_SDP_NAME Name of the SPL connection ----
13333 SAFE_SDP_CONNECTION_NR Number of the SPL connection NCK[0]
13334 SAFE_SDP_LADDR Basis address of the input/output data area NCK[0]
F_SENDDP
13335 SAFE_SDP_TIMEOUT Monitoring time for F_SENDDP NCK[0]
13336 SAFE_SDP_ASSIGN Output assignment.$A_OUTSE to NCK[0]
F_SENDDP net data
13337 SAFE_SDP_FILTER F net data filter between $A_OUTSE and NCK[0]
F_SENDDP
13338 SAFE_SDP_ERR_REAC Error response NCK[0]
13340 SAFE_RDP_ENABLE_MASK Enable screen form F_RECVDP communi- NCK[2]
cation relationship
13341 SAFE_RDP_ID Identifier of the F_RECVDP communication NCK[0]
relationship
13342 SAFE_RDP_NAME Name of the SPL connection ----
13343 SAFE_RDP_CONNECTION_NR Assignment, SPL connection to system NCK[0]
variables
13344 SAFE_RDP_LADDR Basis address of the input/output data area, NCK[0]
F_RECVDP
13345 SAFE_RDP_TIMEOUT Monitoring time for F_RECVDP NCK[0]

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-349
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

Table 8-1 Machine data overview for SINUMERIK 840D sl, continued

Number Identifiers Name Checksums MD

13346 SAFE_RDP_ASSIGN Input assignment F_RECVDP net data to NCK[0]
$A_INSE
13347 SAFE_RDP_FILTER F net data filter between F_RECVDP and NCK[0]
$A_INSE
13348 SAFE_RDP_ERR_REAC Error response NCK[0]
13349 SAFE_RDP_SUBS Substitute values in the case of an error NCK[0]
13370 SAFE_MODE Safety operating mode ----
13374 SAFE_INFO_DRIVE_ADDR Logical basis addresses for the SIC/SCC ----
communication between NCK and drive
13376 SAFE_INFO_TELEGRAM_TYPE SIC/SCC telegram number ----
Channel--specific ($MC_ ... )
20106 PROG_EVENT_IGN_SINGLEBLOCK PROG_EVENTs ignore the single block ----
20107 PROG_EVENT_IGN_INHIBIT PROG_EVENTs ignore the read--in inhibit ----
20108 PROG_EVENT_MASK Event--controlled program call ----
20192 PROG_EVENT_IGN_PROG_STATE Do not display the execution of the prog ----
events on the OPI
20700 REFP_NC_START_LOCK NC--Start disable without reference point ----
28251 MM_NUM_SAFE_SYNC_ELEMENTS Number of elements for expressions in ----
safety synchronized actions
Axis/spindlespecific ($MA_ ...)
30130 CTRLOUT_TYPE Setpoint output type ----
30240 ENC_TYPE Encoder type of the actual value sensing ----
(position actual value) see /FB1/, G2

30300 IS_ROT_AX Rotary axis/spindle see /FB1/, R2 ----

30320 DISPLAY_IS_MODULO Modulo 360 degrees display for rotary axis ----
or spindle see /FB1/, R2

30330 MODULO_RANGE Size of the modulo range see /FB1/, R2 ----

32300 MA_AX_ACCEL Axis acceleration see /FB1/, B2 ----
35200 GEAR_STEP_SPEEDCTRL_ACCEL Acceleration in the open--loop speed con- ----
trolled mode see /FB1/, S1

35210 GEAR_STEP_POSCTRL_ACCEL Acceleration in the closed--loop position ----

controlled mode see /FB1/, S1
35410 SPIND_OSCILL_ACCEL Acceleration when oscillating see /FB1/, S1 ----
36060 STANDSTILL_VELO_TOL Threshold velocity/speed ”axis/spindle ----
stationary” see /FB1/, A2
36620 SERVO_DISABLE_DELAY_TIME Shutdown delay controller enable ----
see /FB1/, A2

36901 SAFE_FUNCTION_ENABLE Enable safety--related functions AX[0]

36902 SAFE_IS_ROT_AX Rotary axis AX[0]
36903 SAFE_CAM_ENABLE Enable safe cam track AX[0]
36904 SAFE_ADD_FUNCTION_MASK Enables additional functions for Safety AX[0]
Integrated
36905 SAFE_MODULO_RANGE Modulo value safe cams AX[0]

© Siemens AG 2015 All Rights Reserved

8-350 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

Table 8-1 Machine data overview for SINUMERIK 840D sl, continued

Number Identifiers Name Checksums MD

36906 SAFE_CTRLOUT_MODULE_NR SI drive assignment AX[2]
36907 SAFE_DRIVE_PS_ADDRESS PROFIsafe address of the drive AX[2]
36909 SAFE_ENC_MEAS_STEPS_RESOL Resolution measuring steps for linear AX[0]
absolute encoders
36912 SAFE_ENC_INPUT_NR Actual value assignment: Drive encoder AX[2]
number

36913 SAFE_ENC_MEAS_STEPS_POS1 Non--safety--related measuring steps POS1 AX[0]

36914 SAFE_SINGLE_ENC SI single--encoder system AX[0]
36916 SAFE_ENC_IS_LINEAR Linear scale AX[0]
36917 SAFE_ENC_GRID_POINT_DIST Grid spacing, linear scale AX[0]
36918 SAFE_ENC_RESOL Encoder pulses per revolution AX[0]
36919 SAFE_ENC_PULSE_SHIFT Shift factor of the encoder multiplication AX[0]
36920 SAFE_ENC_GEAR_PITCH Leadscrew pitch AX[0]
36921 SAFE_ENC_GEAR_DENOM[n] Denominator, gearbox ratio encoder/load AX[0]
36922 SAFE_ENC_GEAR_NUMERA[n] Numerator, gearbox ratio encoder/load AX[0]
36923 SAFE_INFO_ENC_RESOL safety--relevant encoder resolution ----
36924 SAFE_ENC_NUM_BITS[0] Bit information of the redundant actual value AX[1]
SAFE_ENC_NUM_BITS[1] AX[1]
SAFE_ENC_NUM_BITS[2] AX[0]
SAFE_ENC_NUM_BITS[3] AX[0]
36925 SAFE_ENC_POLARITY Direction reversal actual value AX[0]
36927 SAFE_ENC_MOD_TYPE Encoder evaluation type AX[1]
36928 SAFE_ENC_IDENT Encoder identification AX[1]
36929 SAFE_ENC_CONF Configuration of the redundant actual value AX[1]
36930 SAFE_STANDSTILL_TOL Standstill tolerance AX[0]
36931 SAFE_VELO_LIMIT[n] Limit value for safely reduced speed AX[0]
36932 SAFE_VELO_OVR_FACTOR[n] SG selection values AX[0]
36933 SAFE_DES_VELO_LIMIT{n] SG setpoint speed limiting ----
36934 SAFE_POS_LIMIT_PLUS[n] Upper limit value for safe limit position AX[0]
36935 SAFE_POS_LIMIT_MINUS[n]] Lower limit value for safe limit position AX[0]
36936 SAFE_CAM_POS_PLUS[n] Plus cams position for safe cams AX[0]
36937 SAFE_CAM_POS_MINUS[n] Minus cams position for safe cams AX[0]
36938 SAFE_CAM_TRACK_ASSIGN[n] Cam track assignment AX[0]
36940 SAFE_CAM_TOL Tolerance for safe cams AX[0]
36942 SAFE_POS_TOL Tolerance, actual value comparison AX[0]
(crosswise)
36944 SAFE_REFP_POS_TOL Tolerance, actual value comparison AX[0]
(referencing)

36945 SAFE_VELO_X_FILTER_TIME Filter time n< nx AX[0]

36946 SAFE_VELO_X Speed limit n<nx AX[0]
36947 SAFE_VELO_X_HYSTERESIS Speed hysteresis n<nx AX[0]

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-351
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

Table 8-1 Machine data overview for SINUMERIK 840D sl, continued

Number Identifiers Name Checksums MD

36948 SAFE_STOP_VELO_TOL Speed tolerance for safe acceleration AX[0]
monitoring

36949 SAFE_SLIP_VELO_TOL Speed tolerance, slip AX[0]

36950 SAFE_MODE_SWITCH_TIME Tolerance time for SGE changeover AX[0]
36951 SAFE_VELO_SWITCH_DELAY Delay time, speed changeover AX[0]
36952 SAFE_STOP_SWITCH_TIME_C Transition time, STOP C to safe Standstill AX[0]
36953 SAFE_STOP_SWITCH_TIME_D Transition time, STOP D to safe Standstill AX[0]
36954 SAFE_STOP_SWITCH_TIME_E Transition time, STOP E to safe Standstill AX[0]
36955 SAFE_STOP_SWITCH_TIME_F Transition time STOP F to STOP B AX[0]
36956 SAFE_PULSE_DISABLE_DELAY Delay time, pulse cancellation AX[0]
36957 SAFE_PULSE_DIS_CHECK_TIME Time to check pulse cancellation AX[0]
36958 SAFE_ACCEPTANCE_TST_TIMEOUT Time limit for the acceptance test duration AX[0]
36960 SAFE_STANDSTILL_VELO_TOL Shutdown speed, pulse cancellation AX[0]
36961 SAFE_VELO_STOP_MODE Stop response, safely reduced speed AX[0]
36962 SAFE_POS_STOP_MODE Stop response, safe limit position AX[0]
36963 SAFE_VELO_STOP_REACTION[n] Stop response, safely reduced speed AX[0]
36964 SAFE_IPO_STOP_GROUP Grouping, safety IPO response ----
36965 SAFE_PARK_ALARM_SUPPRESS Alarm suppression for parking axes AX[0]
36966 SAFE_BRAKETEST_TORQUE Holding torque, brake test AX[0]
36967 SAFE_BRAKETEST_POS_TOL Position tolerance, brake test AX[0]
36968 SAFE_BRAKETEST_CONTROL Extended settings for the brake test AX[0]
36969 SAFE_BRAKETEST_TORQUE_NORM Reference quantity for the holding torque, AX[0]
brake test
36970 SAFE_SVSS_DISABLE_INPUT Input assignment, SBH/SG deselection AX[0]
36971 SAFE_SS_DISABLE_INPUT Input assignment, SBH deselection AX[0]
36972 SAFE_VELO_SELECT_INPUT[n] Input assignment, SG selection AX[0]
36973 SAFE_POS_SELECT_INPUT Input assignment, SE selection AX[0]
36974 SAFE_GEAR_SELECT_INPUT[n] Input assignment, gearbox ratio selection AX[0]
36977 SAFE_EXT_STOP_INPUT[n] Input assignment, external brake request AX[0]
36978 SAFE_OVR_INPUT[n] Input assignment, SG override AX[0]
36980 SAFE_SVSS_STATUS_OUTPUT Output assignment, SBH/SG active AX[0]
36981 SAFE_SS_STATUS_OUTPUT Output assignment for SBH active AX[0]
36982 SAFE_VELO_STATUS_OUTPUT[n] Output assignment active SG selection AX[0]
36985 SAFE_VELO_X_STATUS_OUTPUT Output assignment for n < nx AX[0]
36987 SAFE_REFP_STATUS_OUTPUT Output assignment, axis safely referenced AX[0]
36988 SAFE_CAM_PLUS_OUTPUT[n] Output assignment, SN1+ to SN4+ AX[0]
36989 SAFE_CAM_MINUS_OUTPUT[n] Output assignment, SN1-- to SN4-- AX[0]
36990 SAFE_ACT_STOP_OUTPUT[n] Output assignment, active STOP AX[0]
36992 SAFE_CROSSCHECK_CYCLE Displays axis--specific crosswise compari- ----
son clock cycle

© Siemens AG 2015 All Rights Reserved

8-352 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

Table 8-1 Machine data overview for SINUMERIK 840D sl, continued

Number Identifiers Name Checksums MD

36993 SAFE_CONFIG_CHANGE_DATE[n] Date/time of the last change SI--NCK--MD ----
36994 SAFE_PREV_CONFIG[n] Data, previous safety function ----
36995 SAFE_STANDSTILL_POS Standstill position ----
36997 SAFE_ACKN User agreement ----
36998 SAFE_ACT_CHECKSUM Actual checksum ----
36999 SAFE_DES_CHECKSUM Reference checksum ----
37000 FIXED_STOP_MODE Travel to fixed stop mode ----
37900 SAFE_CAM_TRACK_OUTPUT Output assignment cam tracks 1 to 4 AX[0]
37901 SAFE_CAM_RANGE_OUTPUT_1 Output assignment, cam range for cam AX[0]
track 1
37902 SAFE_CAM_RANGE_OUTPUT_2 Output assignment, cam range for cam AX[0]
track 2
37903 SAFE_CAM_RANGE_OUTPUT_3 Output assignment, cam range for cam AX[0]
track 3
37904 SAFE_CAM_RANGE_OUTPUT_4 Output assignment, cam range for cam AX[0]
track 4
37906 SAFE_CAM_RANGE_BIN_OUTPUT_1 Output assignment, cam range bit for cam AX[0]
track 1
37907 SAFE_CAM_RANGE_BIN_OUTPUT_2 Output assignment, cam range bit for cam AX[0]
track 2
37908 SAFE_CAM_RANGE_BIN_OUTPUT_3 Output assignment, cam range bit for cam AX[0]
track 3
37909 SAFE_CAM_RANGE_BIN_OUTPUT_4 Output assignment, cam range bit for cam AX[0]
track 4
37920 SAFE_STANDSTILL_VELO_LIMIT Switchover speed, safe operating stop AX[0]
37922 SAFE_STANDSTILL_DELAY Delay time switching over to safe operating AX[0]
stop
37950 SAFE_INFO_ENABLE SIC/SCC and PROFIsafe enable ----
37954 SAFE_INFO_MODULE_NR SIC/SCC module number ----

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-353
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

8.1.2 Description of machine data

General information
General information about machine data and an explanation of their contents such
as units, data type, protective stage, effectiveness, etc. can be found in the follow-
ing references:
Reference: /LIS1/ List Manual Machine Data SINUMERIK 840D sl

10050 $MN_SYSCLOCK_CYCLE_TIME
MD number Basic system clock cycle
Default value: 0.004 Min. input limit: 0.000125 Max. input limit: 0.031
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: Double
Meaning: Basic clock cycle time of the system software
The clock cycle times of cyclic tasks (position controller/IPO) are set in a multiple of this
basic clock cycle. Apart from special applications in which POSCTRL_SYSC-
LOCK_TIME_RATIO is set to a value greater than 1, the basic clock cycle corresponds to
the position controller clock cycle.
For systems with PROFIBUS--DP connection, this MD corresponds to the PROFIBUS--DP
cycle time. When booting, this time is read out of the configuring file (SDP type 2000) and
written into the MD.
This MD can only be changed using the configuring file.

Note:
If this MD is reduced, then this can result in an automatic correction of
POSCTRL_CYCLE_DELAY, that cannot be undone at the next increase!

Details:
The basic clock cycle is an integer multiple (SYSCLOCK_SAMPL_TIME_RATIO) of units
of the clock cycle of the measured value sampling. When the system boots, the entered
value is automatically rounded to a multiple of this incrementing.

Note:
After a POWER OFF/ON, discrete timer division ratios may produce a value that is not an
integer of the input value.
e.g.
Entry =0.005s
after power OFF/ON =0.00499840
or
Entry =0.006s
after power OFF/ON =0.0060032
Special cases, errors,...
corresponds with..

© Siemens AG 2015 All Rights Reserved

8-354 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

10060 $MN_POSCTRL_SYSCLOCK_TIME_RATIO
MD number Factor for position--control cycle
Default value: 1 Min. input limit: 1 Max. input limit: 31
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The position control clock cycle is entered as a multiple of the time units of the basic
system clock cycle SYSCLOCK_CYCLE_TIME.
The default setting is ”1”. This means that the position control clock cycle corresponds to
the basic system clock cycle SYSCLOCK_CYCLE_TIME.

Setting values > 1 involves computation time for processing the additional timer interrupts
by the operating system and should only be used in cases where a task exists in the
system that should run faster than the position controller clock cycle.
For systems with PROFIBUS--DP connection, this MD represents ratio between the
PROFIBUS--DP clock cycle and position controller clock cycle.
Special cases, errors,...
corresponds with..

10070 $MN_IPO_SYSCLOCK_TIME_RATIO
MD number Factor for interpolator clock cycle
Default value: 4 Min. input limit: 1 Max. input limit: 100
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The interpolator clock cycle is entered as a multiple of the time units of the basic system
clock cycle SYSCLOCK_CYCLE_TIME.
It is only permissible to set integer multiples of the position controller clock cycle (set using
POSCTRL_SYSCLOCK_TIME_RATIO). Values, that do not represent an integer multiple
of the position controller clock cycle are automatically increased to the next integer multiple
of the position controller clock cycle before they become effective (at the next boot).
In this case, Alarm 4102 ”IPO cycle increase to [ ] ms” is output.
Special cases, errors,...
corresponds with.. MD10060 POSCTRL_SYSCLOCK_TIME_RATIO

10071 $MN_IPO_CYCLE_TIME
MD number Interpolator clock cycle
Default value: 0.0 Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Interpolation time
Displays the interpolator clock cycle time (this cannot be modified !).
Internally, this is formed from the machine data SYSCLOCK_CYCLE_TIME and
IPO_SYSCLOCK_TIME_RATIO.
Special cases, errors,...
corresponds with.. MD10050 SYSCLOCK_CYCLE_TIME
MD10070 IPOL_SYSCLOCK_TIME_RATIO

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-355
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

10089 $MN_SAFE_PULSE_DIS_TIME_BUSFALL
MD number Wait time pulse cancellation when the bus fails
Default value: 0.0 Min. input limit: 0.0 Max. input limit: 0.8
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: Time after which a communication failure to the drive occurs the pulses are safely
canceled. During this time it is still possible to implement a response that is executed
independently in the drive (refer to extended stop and retract).
In the following cases, the system does not wait for this time up to pulse cancellation to
expire:
S When selecting an external STOP A, a test stop
S When SBH is active or SBH is selected
S For an active SG stage or when selecting an SG stage for which immediate pulse
cancellation is parameterized in MD36961 $MA_SAFE_VELO_STOP_MODE or
MD36963 $MA_SAFE_VELO_STOP_REACTION.
Note:
This value is is transferred to drive parameter p9580 using the copy function of SI--MD and
compared in a crosswise data comparison.
This general machine data is included in the axis--specific checksum calculation of the
safety--related machine data (MD36998 $MA_SAFE_ACT_CHECKSUM, MD36999
$MA_SAFE_DES_CHECKSUM).
Special cases, errors,...
corresponds with..

10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
MD number Factor for monitoring clock cycle
Default value: 3 Min. input limit: 1 Max. input limit: 50
Change becomes effective after: POWER ON Protection level: 7/1 Unit: --
Data type: DWORD
Meaning: Ratio between the monitoring and system basic clock cycle. The monitoring clock cycle is
the product of this data and MD10050 $MN_SYSCLOCK_CYCLE_TIME.
Special cases, errors,... The monitoring clock cycle is checked during run--up:
S It must be an integer multiple of the position control clock cycle
S it must be < 25 ms
If these conditions are not fulfilled, the factor is rounded--off to the next possible value. The
monitoring cycle that is actually set is displayed using MD10091 $MN_INFO_SAFETY_
CYCLE_TIME.
Further, the value for the crosswise data comparison clock cycle that is displayed using
MD10092 $MN_INFO_CROSSCHECK_CYCLE_TIME also changes.
Note:
The monitoring clock cycle defines the response time of the monitoring functions. It should
be noted that a short monitoring clock cycle time increases the load on the CPU.
corresponds with.. MD10050 $MN_SYSCLOCK_CYCLE_TIME
MD10091 $MN_INFO_SAFETY_CYCLE_TIME
MD10092 $MN_INFO_CROSSCHECK_CYCLE_TIME

© Siemens AG 2015 All Rights Reserved

8-356 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

10091 $MN_INFO_SAFETY_CYCLE_TIME
MD number Displays the monitoring clock cycle time
Default value: 0.0 Min. input limit: -- Max. input limit:
Change becomes effective after: POWER ON Protection level: 7/0 Unit: s
Data type: DOUBLE
Meaning: Display data:
Set monitoring clock cycle in seconds. Is obtained from MD10050 $MN_SYSCLOCK_
CYCLE_TIME and MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO.
The data value is always re--calculated as soon as one of the following data is changed:
MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
MD10060 $MN_POSCTRL_SYSCLOCK_TIME_RATIO
MD10050 $MN_SYSCLOCK_CYCLE_TIME
The new value only becomes effective after POWER ON.
corresponds with: MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
Additional references /FBSIsl/ see Chapter 5.1, ”Monitoring clock cycle”, Chapter 5.2 ”Crosswise data
comparison”

10092 $MN_INFO_CROSSCHECK_CYCLE_TIME
MD number Displays the clock cycle time for a crosswise data comparison
Default value: 0.0 Min. input limit: -- Max. input limit:
Change becomes effective after: POWER ON Protection level: 7/-- Unit: s
Data type: DOUBLE
Meaning: Display data:
Maximum crosswise data comparison in seconds.
This is obtained from the MD10091 $MN_INFO_SAFETY_CYCLE_TIME and the number
of data to be compared crosswise (depending on the functionality that has been enabled,
this can differ for the individual axes).
The data value is always re--calculated as soon as one of the following data is changed:
MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
MD10060 $MN_POSCTRL_SYSCLOCK_TIME_RATIO
MD10050 $MN_SYSCLOCK_CYCLE_TIME
The new value only becomes effective after POWER ON.
corresponds with ... MD10090 $MN_SAFETY_SYSCLOCK_TIME_RATIO
MD36992 $MA_SAFE_CROSSCHECK_CYCLE
Additional references /FBSIsl/ see Chapter 5.1, ”Monitoring clock cycle”, Chapter 5.2 ”Crosswise data
comparison”

10093 $MN_INFO_NUM_SAFE_FILE_ACCESS
MD number Number of SPL file access operations
Default value: 0 Min. input limit: 0 Max. input limit: --
Change becomes effective after: POWER ON Protection level: 0/0 Unit: --
Data type: DWORD
Meaning: Display data: SPL file /_N_CST_DIR/_N_SAFE_SPF has been accessed n--times in the
protected state. This MD is only used for service purposes. The value of the MD can only
be 0 or 1. The value cannot be changed.
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-357
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

10094 $MN_SAFE_ALARM_SUPPRESS_LEVEL
MD number Alarm suppression level
Default value: 2 Min. input limit: 0 Max. input limit: 113
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: Influences the display of safety alarms.
The monitoring channels NCK and drive or NCK and PLC display alarms with the same
significance in several situations.
In order to reduce the size of the alarm screen, this MD is used to specify whether safety
alarms with the same significance are to be suppressed. The two--channel stop response is
not influenced by the setting.
0 = alarms triggered in two channels are displayed to the full extent
-- two--channel display of all axis--specific safety alarms
-- Alarm 27001, fault code 0 is displayed
-- Alarms 27090, 27091, 27092, 27093 and 27095 are displayed through two channels and
a multiple number of times.
1 = alarms with the same meaning are only displayed once.
This involves the following alarms and messages:
27010 = C01707
27011 = C01714
27012 = C01715
27013 = C01706
27020 = C01710
27021 = C01709
27022 = C01708
27023 = C01701
27024 = C01700
For these alarms, only one of the specified alarms (270xx or C01xxx) is initiated. The alarm
of the monitoring channel that then subsequently initiates the alarm with the same signifi-
cance, is no longer displayed.
Furthermore, Alarm 27001 with fault code 0 is suppressed. This alarm occurs as a result of
drive Alarm C01711. In this particular case, drive parameters r9710[0,1], r9711[0,1],
r9735[0,1], r9736[0,1], r9737[0,1], r9738[0,1], r9739[0,1] provide information regarding the
cause of the error.
2 = default setting
Going beyond the functionality with MD value=1, the alarms from the SPL processing
(27090, 27091, 27092, 27093 and 27095) are only displayed through one channel and only
once. This also applies to alarms of the PROFIsafe communications (27250 and following).
3 = axis--specific alarms 27000 and A01797 are replaced by Alarm message 27100 for all
axes/drives. Alarm 27040 is replaced by Alarm 27140 for all axes/drives.
12 = going beyond the functionality with MD value = 2, the alarms are prioritized. What
appears to be apparent follow--on alarms are no longer displayed or are automatically
cleared from the display.
The following alarms may be involved:
27001, 27004, 27020, 27021, 27022, 27023, 27024, 27091, 27101, 27102, 27103, 27104,
27105, 27106, 27107
13= going beyond the functionality with MD value = 3, the alarms are assigned priorities as
for MD value 12.
1xx (100 position set) = axis--specific checksum alarms of the NCK (27032, 27035, 27060)
are replaced in the SPL commissioning mode (MD11500 $MN_PREVENT_SYN-
ACT_LOCK[0,1] = 0) by alarm 27135 for all axes.
This machine data must be set to 0 to generate an acceptance report. This allows the
system to document all of the alarms that have been initiated.

Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

8-358 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

10095 $MN_SAFE_MODE_MASK
MD number ’Safety Integrated’ operating modes
Default value: 0 Min. input limit: 0 Max. input limit: 0x001E
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Bit 1=0: The ”Modular PROFIsafe I/O interface” function is not active.
Bit 1=1: The ”Modular PROFIsafe I/O interface” function is active.
Bit 2=0: The reduced language scope for SAFE.SPF is only activated for an automatic start
when booting (MD20108 $MC_PROG_EVENT_MASK bit 5)
Bit 2=1: The reduced language scope for SAFE.SPF is also activated if SAFE.SPF is called
using the CALL command
Bit 3=0: all PROFIsafe drivers in one IPO clock cycle
Bit 3=1: PROFIsafe driver distributed over several IPO clock cycles
Bit 4=0: in safety operating mode ”SINUMERIK Safety Integrated (SPL)”, it is not possible
to couple NC axes to the drive monitoring functions via SIC/SCC
Bit 4=1: in safety operating mode ”SINUMERIK Safety Integrated (SPL)”, it is permissible to
couple NC axes to the drive monitoring functions via SIC/SCC
corresponds with ... Bit 1:
MD13302 $MN_PROFISAFE_IN_ENABLE_MASK
MD13303 $MN_PROFISAFE_OUT_ENABLE_MASK
Bit 2:
MD20108 $MC_PROG_EVENT_MASK, bit 5

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-359
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

10096 $MN_SAFE_DIAGNOSIS_MASK
MD number ’Safety Integrated’ diagnostic functions
Default value: 1 Min. input limit: 0 Max. input limit: 0x000F
Change becomes effective after: NewConf Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Bit 0=0
SGE differences between NCK and the drive monitoring channels are not displayed
Bit 0=1
Default setting: SGE differences between NCK and the drive monitoring channels are
displayed
Differences between the following SGEs are detected (the listed bit numbers refer to the
axis--specific mapping of the SGEs -- these correspond to the assignment of the axis--
specific VDI interface):
Bit 0: SBH/SG deselection = DB3<x>.DBX22.0
Bit 1: SBH deselection = DB3<x>.DBX22.1
Bit 3: SG selection, bit 0 = DB3<x>.DBX22.3
Bit 4: SG selection, bit 1 = DB3<x>.DBX22.4
Bit 12: SE selection = DB3<x>.DBX23.4
Bit 28: SG correction, bit 0 = DB3<x>.DBX33.4
Bit 29: SG correction, bit 1 = DB3<x>.DBX33.5
Bit 30: SG correction, bit 2 = DB3<x>.DBX33.6
Bit 31: SG correction, bit 3 = DB3<x>.DBX33.7
The differences are indicated using message Alarm 27004.
Bit 1 = 0:
Default setting: Displays an unsuccessful SPL start after the timer defined in MD13310
SAFE_SPL_START_TIMEOUT has expired with Alarm 27097
Bit 1 = 1:
Display of Alarm 27097 is suppressed.
Alarm 27097 indicates, that in spite of the SPL configuration, SPL was not started after the
time set in MD13310
$MN_SAFE_SPL_START_TIMEOUT had expired. For the cause, refer to the description of
Alarm 27097.
Bit 2 = 0: Default setting: Communication errors with SFC error codes are displayed using
Alarm 27354
Bit 2 = 1: Display of Alarm 27354 is suppressed
Bit 3 = 0: Default setting: Display of Alarm 27038, if, in drive parameter r0474 an unknown
bit is set.
Bit 3 = 1: Display of Alarm 27038 is suppressed.
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

8-360 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

10097 $MN_SAFE_SPL_STOP_MODE
MD number Stop response for SPL errors
Default value: 3 Min. input limit: 3 Max. input limit: 4
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: Selects the stop response when errors are detected in the crosswise data comparison of
NCK and PLC--SPL
3: STOP D
4 STOP E
When the value 4 is entered in this MD (Stop E) without enabling the external Stop E in all
axes with SI function enable signals (MD36901 $MA_SAFE_FUNCTION_ENABLE not
equal to 0) results in Alarm 27033 with reference to this MD.
To remedy this, either parameterize STOP D or set bit 4 and bit 6 in MD36901
$MA_SAFE_FUNCTION_ENABLE for all of the axes involved. If this MD is set to 4, then
DB18.DBX36.1 (STOP E) must also be set to 1 in order to communicate this parameteriza-
tion to the PLC. For a different parameterization, Alarm 27090 is output.
Special cases, errors,...

10098 $MN_PROFISAFE_IPO_TIME_RATIO
MD number Factor PROFIsafe communications clock cycle time
Default value: 1 Min. input limit: 1 Max. input limit: 25
Change becomes effective after: POWER ON Protection level: 7/1 Unit: --
Data type: DWORD
Meaning: Ratio between PROFIsafe communication and interpolation clock cycle. The actual
PROFIsafe communication clock cycle is the product from this data and MD10071
$MN_IPO_CYCLE_TIME and is displayed in MD10099 $MN_INFO_PROFISAFE_
CYCLE_TIME. In this clock cycle, OB40 on the PLC side is initiated from the NCK to
enable communication between the F master and F slaves.
The PROFIsafe communications clock cycle may not be greater than 25 ms.
Special cases, errors,...

10099 $MN_INFO_PROFISAFE_CYCLE_TIME
MD number PROFIsafe communications clock cycle time
Default value: 0.0 Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/0 Unit: s
Data type: DOUBLE
Meaning: Display data:
Displays the maximum time grid for communications between an F master and F slave.
PROFIsafe communications via the OB40 in the PLC use this time grid.
The value is obtained from the interpolator clock cycle and MD10098 $MN_PROFI-
SAFE_IPO_TIME_RATIO.
When the set communication clock cycle is exceeded, this is also displayed here.
In the case of an incorrect parameterization (communication clock cycle exceeds the
maximum value of 25.0 ms) then the maximum value that can be set is displayed.
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-361
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

10385 $MN_PROFISAFE_MASTER_ADDRESS[0...2]
MD number PROFIsafe address of the master module
Default value: 0 Min. input limit: 0 Max. input limit: 0x0500FA7DH
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Defines the PROFIsafe address for the F master NCK/PLC. This is used to uniquely assign
an F master to an F slave. This parameter must be entered in accordance with the
”F_source_address” parameter set in S7--ES for the F slaves. An attempt to establish
communications is only made for F slaves that have entered this address.
Format: 0s 00 aaaa
s: Bus segment (5 = I/O connection on the PLC side)
aaaa: Hexadecimal PROFIsafe address of the F master
Special cases, errors,...

10386 $MN_PROFISAFE_IN_ADDRESS[0...47]
MD number PROFIsafe address of an input module
Default value: 0 Min. input limit: 0 Max. input limit: 0x0502FFFF
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Definition of the PROFIsafe target address of an input module
Format: 0s 0x aaaa
s: Bus segment (5 = I/O connection on the PLC side)
x: Sub--slot address
Value range: 0...2
x = 0 addresses the F net data signals 1 ...32
x = 1 addresses the F net data signals 33 ...64
x = 2 addresses the F net data signals 65...96
aaaa: Hexadecimal PROFIsafe address of the F module
Special cases, errors,...

10387 $MN_PROFISAFE_OUT_ADDRESS[0...47]
MD number PROFIsafe address of an output module
Default value: 0 Min. input limit: 0 Max. input limit: 0x0502FFFFH
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: PROFIsafe target address of an output module
Format: 0s 0x aaaa
s: Bus segment (5 = I/O connection on the PLC side)
x: Sub--slot address
Value range: 0...2
x = 0 addresses the F net data signals 1 ...32
x = 1 addresses the F net data signals 33 ...64
x = 2 addresses the F net data signals 65...96
aaaa: Hexadecimal PROFIsafe address of the F module
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

8-362 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

10388 $MN_PROFISAFE_IN_ASSIGN[0...47]
MD number Input assignment $A_INSE to PROFIsafe module
Default value: 0 Min. input limit: 0 Max. input limit: 192192
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Assignment between an ext. SPL interface $A_INSE and a PROFIsafe input module
The SPL area data is specified in the decimal notation in the following format: aaa bbb
withaaa = area limit 1, SPL signal $A_INSE[aaa]
bbb = area limit 2, SPL signal $A_INSE[bbb]
Example:
$MN_PROFISAFE_IN_ASSIGN[0] = 001 004 or alternatively 004 001:
System variables $A_INSE[1...4] are supplied with the state of the input terminals of the
PROFIsafe module, which was parameterized using MD10386 $MN_PROFISAFE_IN_
ADDRESS[0] and selected using MD13300 $MN_PROFISAFE_IN_FILTER[0].
Special cases, errors,...

10389 $MN_PROFISAFE_OUT_ASSIGN[0...47]
MD number Output assignment, $A_OUTSE to PROFIsafe module
Default value: 0 Min. input limit: 0 Max. input limit: 192192
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Assignment between an ext. SPL interface $A_OUTSE and a PROFIsafe output module
The SPL area data is specified in the decimal notation in the following format: aaa bbb
with aaa = area limit 1, SPL signal $A_OUTSE[aaa]
bbb = area limit 2, SPL signal $A_OUTSE[bbb]
Example:
$MN_PROFISAFE_OUT_ASSIGN[0] = 064 061 or alternatively 061 064:
The output terminals selected in MD13301 $MN_PROFISAFE_IN_FILTER[0] of the
PROFIsafe module parameterized using MD10387 $MN_PROFISAFE_OUT_ADDRESS[0]
are supplied with the states of system variables $A_OUTSE[61...64].
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-363
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

10393 $MN_SAFE_DRIVE_LOGIC_ADDRESS[0...30]
MD number Logical drive addresses, SI
Default value: 6700, 6724, 6748, Min. input limit: 258 Max. input limit: 16383
6772...
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Logical I/O addresses of the SI telegram of drives connected to PROFIBUS. An address is
assigned to a drive.
Special cases, errors,...

Note:
The value of the MD field entry, which is effective for an axis via MD36906
$MA_SAFE_CTRLOUT_MODULE_NR is incorporated in the calculation of
MD36998 $MA_SAFE_ACT_CHECKSUM[2].
The parameterization in MD10393 $MN_SAFE_DRIVE_LOGIC_ADDRESS corre-
lates with the logical I/O addresses that were defined when configuring the tele-
gram.

11411 $MN_ENABLE_ALARM_MASK
MD number Activation of alarms
Default value: 0 Min. input limit: -- Max. input limit: --
Change becomes effective after: RESET Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Screen form to generate alarms, which are normally suppressed.
Bit set: Alarms of this alarm group are output.
Bit not set: Alarms of this alarm group are not output.

Bit hex. value, Meaning

=====================================================================
0: 0x1 Alarms are output, which have as alarm response SHOWALARMAUTO.
1: 0x2 Alarms are output, which have as alarm response SHOWWARNING.
2: 0x4 Alarm 22280 ”Thread power--up path too short” is output.
3: 0x8 Alarms, which are triggered by the NCU LINK MODULE, are switched--in.
4: 0x10 Alarm 10883 ”Chamfer or rounding must be shortened” permitted.
5: 0x20 Alarm 20096 ”Brake test interrupted” is output.
6: 0x40 Alarm 16956 ”Program cannot be started because of global start inhibit” is output.
Alarm 14005 ”Program cannot be started because of program--specific start inhibit” is out-
put. Alarm can only be switched--in in the RESET channel state, in all other channel states,
it is output without any associated conditions.
7: 0x80 Alarm 16957 ”Stop--delay range is suppressed” is output.
8: 0x100 Alarm 1011 Fine coding 150019 or 150020 ”Incorrect axis number in the LINK”
9: 0x200 Alarm 22033 Diagnostics 1 to 6 for ”Track synchronous operation” (couplings)
10: 0x400 alarm 15122 ”PowerOn after power fail: %1 data were restored, of which %2
machine data, %3 error” is output.
11: 0x800 Alarms 10722, 10723, 10732 or 10733 are output instead of alarms 10720,
10721, 10730 or 10731.
12: 0x1000 Alarm 22033 Diagnostics greater than or equal to 7 for ”Track synchronous
operation” (couplings)
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

8-364 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

11415 $MN_SUPPRESS_ALARM_MASK_2
MD number Suppress alarm outputs
Default value: 0x8 Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Screen form for suppressing special alarm outputs.
Bit set: corresponding alarm (warning) is not initiated.

Bit hex. Meaning

Value
=====================================================================
0: 0x1 16773 ”Channel %1 Axis %3 is following axis. The axis/spindle locks of the leading
axes are different”
1: 0x2 2100 ”NCK battery warning level reached”
2101 ”NCK battery alarm”
2102 ”NCK battery alarm”
2: 0x4 2120 ”NCK fan alarm” (ineffective on modules which do not require a fan by design)
3: 0x8 15120 ”PowerFail: Show buffer overflow”
4: 0x10 15187 ”Error during execution of PROGEVENT file”
5: 0x20 15188 ”Error during execution of ASUB file”
6: 0x40 26120 ”$AA_ESR_ENABLE = 1 and axis is to become neutral”
26121 ”Axis is neutral and $AA_ESR_ENABLE =1 is to be set”
26123 ”$AA_ESR_ENABLE = 1 is to be set, but $MA_ESR_REACTION is not set”
26124 ”$AC_TRIGGER triggered, but axis is neutral, ESR ignores this axis”
7: 0x80 10724 ”Software limit violated at start of block”
10734 ”Operating range limit violated at start of block”
10737 ”Work (WCS) operating range limit violated at start of block”
8: 0x100 14008 ”WRITE command in /_N_EXT_DIR”
10734 ”Operating range limit violated at start of block”
10737 ”Work (WCS) operating range limit violated at start of block”
9: 0x200 14006 ”Invalid program name”
10: 0x400 4006 ”Maximum number of axes that can be activated exceeded”
11: 0x800 16017 ”LIFTFAST ignores this axis, as it cannot be used for the current axis
type”
12: 0x1000 22025 ”Channel %1 Block %2 Following axis/spindle %3 Synchronism (2): Fine
tolerance exceeded”
-- Exception: The alarm is generated if for the following axis/spindle involved,
CPMALARM[FAx] Bit 8 = 0 is programmed.
22026 ”Channel %1 Block %2 Following axis/spindle %3 Synchronism (2): Coarse
tolerance exceeded”
-- Exception: The alarm is generated if for the following axis/spindle involved,
CPMALARM[FAx] Bit 9 = 0 is programmed.
13: 0x2000 22001 ”Braking ramp longer than Stop D time.”
22002 ”Braking ramp longer than Stop D time with gear stage %3 Reason %4.”
14: 0x4000 16963 ”ASUB start refused.”
15: 0x8000 21751,”Limit velocity %2 deg/min on modulo axis %1 exceeded (defective cam
output)”
21752,”Axis %1 minimum cam width cam %3 undershot at curr. velocity %2”
16: 0x10000 17212 ”Channel %1 tool management: Load manual tool %3, duplo no.%2 to
the spindle/toolholder”
17214 ”Channel %1 tool management: Remove manual tool %3 from spindle / tool holder
%2”
17215 ”Channel %1 tool management: Unload manual tool %3 from buffer location %2”
17216 ”Channel %1 unload manual tool from toolholder %4 and load manual tool %3 %2”
17: 0x20000 16771 ”Channel %1 Block %3 Following axis %2 overlaid movement not
enabled”
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-365
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

11500 $MN_PREVENT_SYNACT_LOCK
MD number Protected synchronized actions
Default value: 0.0 Min. input limit: 0 Max. input limit: 255
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Fist and last ID of a protected synchronized action area.
Synchronized actions with ID numbers that are located in the protected range, can no
longer be:
-- overwritten
-- deleted (CANCEL)
-- disabled (lock)
once they have been defined. Protected synchronized actions cannot be disabled via the
PLC either. They are indicated to the PLC as non--lockable in the interface.
Note:
Protection for synchronized actions must be cancelled while generating the synchronized
actions as otherwise, at each change, a POWER ON would be necessary in order to re--
define the logic. With 0.0, there is no area of protected synchronized actions. The function
is switched--out. The values are read as absolute values and the upper and lower values
can be specified in any sequence.

Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

8-366 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

11602 $MN_ASUP_START_MASK
MD number Ignore stop conditions for ASUB
Default value: 0 Min. input limit: 0 Max. input limit: 0xf
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The machine data specifies which stop reasons are to be ignored for an ASUB start. The
ASUB is started or the following stop reasons are ignored:
Bit 0:
Stop reason: Stop key, M0 or M01
If the NCK is in the reset state (or JOG mode), an ASUB is immediately started (without
this bit, an ASUB cannot be started in RESET/JOG).
NOTICE
This bit is implicitly set if, in $MN_PROG_EVENT_MASK if there is a deviation from zero in
one channel!
This bit is implicitly set, if bit 1 is set in $MN_SEARCH_RUN_MODE!
Bit 1:
Starting also permitted even if not all of the axes are referenced.
Bit 2:
Starting permitted even if a read--in inhibit is active, i.e. the blocks of the ASUB program are
immediately switched--in and executed.
This means that the machine data IGNORE_INHIBIT_ASUP becomes ineffective. The
NCK behavior corresponds to that of the machine data allocation IGNORE_INHI-
BIT_ASUP= FFFFFFFF.
When the bit is not set:
The ASUB is selected internally, but processed only when the read--in disable is canceled.
The assignment of machine data IGNORE_INHIBIT_ASUP is evaluated.
If the following also applies: IGNORE_INHIBIT_ASUP = 0, then although an ASUB is
internally initiated, the blocks of the ASUB program are only changed in when the read--in
inhibit is withdrawn.
When the ASUB is triggered, the path is immediately braked (except with the BLSYNC
option).
The read--in disable is set again in the ASUB program.
Bit 3:
Notice:
The following function can always be activated in single--channel systems.
Multi--channel systems required, in addition, bit 1 in machine data $MN_BAG_MASK. The
function is only effective for ASUBs, that were activated from the interrupted program state
(channel status reset). The function does not work in multi--channel systems without
$MN_BAG_MASK bit 1.
If an ASUB is automatically started from the JOG mode, then the user may stop in the
middle of the ASUB program.
The JOG operating mode is continuously displayed to the user.
In this situation, the user can jog as BIT 3 is set. Without bit 3, this is not possible. In this
situation, the mode change is interlocked with Alarm 16927. The user can continue the
ASUB program using the ”start” key.
It goes without saying that the user cannot jog as long as the ASUB program is running.
The user may jog again once the ASUB program has ended.
Bit 4...15: reserved

corresponds with ... MD11604 $MN_ASUP_START_PRIO_LEVEL

Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-367
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

11604 $MN_ASUP_START_PRIO_LEVEL
MD number Priorities as of which ASUP_START_MASK takes effect
Default value: 0 Min. input limit: 0 Max. input limit: 128
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies from which ASUB priority the machine data
ASUP_START_MASK is to be applied. MD ASUP_START_MASK is applied from the level
specified here up to the highest ASUB priority level 1.
corresponds with ... MD11602 %MN_ASUP_START_MASK
Additional references

13300 $MN_PROFISAFE_IN_FILTER[0...47]
MD number F useful (net) data filter IN
Default value: 0xFFFFFFFF Min. input limit: 0 Max. input limit: 0xFFFFFFFF
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Filter between F net (useful) data and $A_INSE variables
This machine data is used to define which bits are transferred from the F net data interface
of the PROFIsafe module into the NCK for further processing.
The filtered F net data bits are pushed together inside the NCK to form a bit array without
any gaps (consecutive bit array).
Using machine data MD10388 $MN_PROFISAFE_IN_ASSIGN[n] it is then defined in
which $A_INSE variables the filtered F net data bits should be transferred.
Example:
Note: For reasons of simplicity, only 16 bits are taken into consideration.
Parameter assignment:
$MN_PROFISAFE_IN_FILTER = 1010100101000100
$MN_PROFISAFE_IN_ASSIGN = 011006
n = 16 11 6 1
|x|x|x|x|x|1|1|1|0|0|1|x|x|x|x|x|
$A_INSE[n], x = not relevant
|0|0|0|0|0|0|0|0|0|0|1|1|1|0|0|1|
NCK internal F net data image
|1|0|1|0|1|0|0|1|0|1|0|0|0|1|0|0|
$MN_PROFISAFE_IN_FILTER
|1|0|1|0|1|0|0|0|0|0|0|0|0|1|0|0|
example of a value available at the F net data interface of the PROFIsafe module
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

8-368 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

13301381 $MN_PROFISAFE_OUT_FILTER[0...47]
MD number F net (useful) data filter OUT
Default value FFFFFFFFH Min. input limit: 0 Max. input limit: FFFFFFFFH
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Filter between $A_OUTSE variables and F net (useful) data
The machine data is used to define in which F net data bits the $A_OUTSE[n] variables are
transferred.
Machine data MD10389 $MN_PROFISAFE_OUT_ASSIGN is used to define which
$A_OUTSE[n] variables are transferred into the F net data bits of the PROFIsafe module.
Example:
Note: For reasons of simplicity, only 16 bits are taken into consideration.
Parameter assignment:
$MN_PROFISAFE_OUT_FILTER = 1010100101000100
$MN_PROFISAFE_OUT_ASSIGN = 011006
n = 16 11 6 1
|x|x|x|x|x|1|1|1|1|1|1|x|x|x|x|x|
example of a value available at the $A_OUTSE variables, x = not relevant
|0|0|0|0|0|0|0|0|0|0|1|1|1|1|1|1|
NCK internal F net data image
|1|0|1|0|1|0|0|1|0|1|0|0|0|1|0|0|
$MN_PROFISAFE_OUT_FILTER
|1|0|1|0|1|0|0|1|0|1|0|0|0|1|0|0|
F net data of the PROFIsafe module
corresponds with ...
Additional references

13302 $MN_PROFISAFE_IN_ENABLE_MASK[0...1]
MD number Enable screen form of the connections to PROFIsafe input modules
Field index 0: Standard value 0 Min. input limit: 0 Max. input limit: FFFFFFFFH
Field index 1: Standard value 0 Min. input limit: 0 Max. input limit: 0000FFFFH
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The machine data sets of the PROFIsafe connections to PROFIsafe input modules are
enabled using the enable screen forms.
A machine data set includes the following data:
-- MD10386 $MN_PROFISAFE_IN_ADDRESS[n]
-- MD10388 $MN_PROFISAFE_IN_ASSIGN[n]
-- MD13300 $MN_PROFISAFE_IN_FILTER[n]
-- MD13305 $MN_PROFISAFE_IN_SUBS[n]
Bit n = 0
The machine data set [n] is checked for consistency, but is however not active.
The PROFIsafe connection [n] or the slot [n] is inactive.
Bit n = 1
The machine data set [n] is active.
The PROFIsafe connection [n] or the slot [n] is active.

corresponds with ... MD10095 $MN_SAFE_MODE_MASK, bit 1

MD13304 $MN_PROFISAFE_IN_SUBS_ENAB_MASK
Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-369
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

13303 $MN_PROFISAFE_OUT_ENABLE_MASK[0...1]
MD number Enable screen form of the connections to PROFIsafe outputs modules
Field index 0: Default value 0 Min. input limit: 0 Max. input limit: FFFFFFFFH
Field index 1: Default value 0 Min. input limit: 0 Max. input limit: 0000FFFFH
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The machine data sets of the PROFIsafe connections to PROFIsafe output modules are
enabled using the enable screen forms.
A machine data set includes the following data:
-- MD10387 $MN_PROFISAFE_OUT_ADDRESS[n]
-- MD10389 $MN_PROFISAFE_OUT_ASSIGN[n]
-- MD13301 $MN_PROFISAFE_OUT_FILTER[n]
Bit n = 0
The machine data set [n] is checked for consistency, but is however not active.
The PROFIsafe connection [n] or the slot [n] is inactive.
Bit n = 1
The machine data set [n] is active.
The PROFIsafe connection [n] or the slot [n] is active.
corresponds with ... MD10095 $MN_SAFE_MODE_MASK, bit 1
Additional references

13304 $MN_PROFISAFE_IN_SUBS_ENAB_MASK[0...1]
MD number Activation of the substitute value output for PROFIsafe input modules
Field index 0: Default value 0 Min. input limit: 0 Max. input limit: FFFFFFFFH
Field index 1: Default value 0 Min. input limit: 0 Max. input limit: 0000FFFFH
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The substitute value output for connections to PROFIsafe input modules is enabled using
the enable screen form.
Bit n = 0
For the connection parameterized in machine data set [n], the process data of the PROFI-
safe input module are transferred into the SPL input data.
The PROFIsafe connection [n] or the slot [n] is active.
Bit n = 1
For the connection parameterized in machine data set [n], the substitute values from
$MN_PROFISAFE_IN_SUBS[n] are transferred into the SPL input data.
The PROFIsafe connection [n] or the slot [n] is passive.
corresponds with ... MD10095 $MN_SAFE_MODE_MASK, bit 1
MD13305 $MN_PROFISAFE_IN_SUBS
Additional references

© Siemens AG 2015 All Rights Reserved

8-370 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

13305 $MN_PROFISAFE_IN_SUBS[0...47]
MD number Substitute values for passive connections to PROFIsafe input modules
Default value 0 Min. input limit: 0 Max. input limit: FFFFFFFFH
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: For passive connections to PROFIsafe input modules, substitute values parameterized in
the machine data are transferred to SPL inputs ($A_INSE) parameterized using MD10388
$MN_PROFISAFE_IN_ASSIGN[n].
If the SPL inputs parameterized using MD10388 $MN_PROFISAFE_IN_ASSIGN[n] over-
lap with the SPL inputs of an active slot, then the substitute values of the passive slot are
adapted by the control so that SPL inputs are not allocated twice. The states of the signals
from the active slots have priority.
corresponds with ... MD10095 $MN_SAFE_MODE_MASK, bit 1
MD13304 $MN_PROFISAFE_IN_SUBS_ENAB_MASK
Additional references

13307 $MN_PROFISAFE_IPO_RESERVE
MD number Number of IPO clock cycles without PROFIsafe calculations
Default value 0 Min. input limit: 0 Max. input limit: 50
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The value specifies the number of IPO clock cycles per PROFIsafe clock cycles, in which
no PROFIsafe calculations should be made.
This machine data is only active if machine data MD10095 $MN_SAFE_MODE_MASK, bit
3 is set.
The number of IPO clock cycles must be selected lower than the value in machine data
MD10098 $MN_PROFISAFE_IPO_TIME_RATIO.
corresponds with ...
Additional references

13308 $MN_PROFISAFE_IN_NAME[0...47]
MD number Name of the PROFIsafe input module
Default value -- Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: STRING
Meaning: Every PROFIsafe input module can be assigned a symbolic name. If a name is assigned,
this is displayed in the alarm text instead of the PROFIsafe address.
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-371
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

13309 $MN_PROFISAFE_OUT_NAME[0...47]
MD number Name of the PROFIsafe output module
Default value -- Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: STRING
Meaning: Every PROFIsafe output module can be assigned a symbolic name. If a name is assigned,
this is displayed in the alarm text instead of the PROFIsafe address.
corresponds with ...
Additional references

13310 $MN_SAFE_SPL_START_TIMEOUT
MD number Delay, display Alarm 27097
Default value 20. Min. input limit: 1. Max. input limit: 60.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: After the control has booted, after the time has expired, Alarm 27097 is displayed if there
was no SPL start.
corresponds with ...
Additional references

13312 $MN_SAFE_SPL_USER_DATA[0...3]
MD number User data
Default value 0 Min. input limit: 0x0 Max. input limit: 0xFFFFFFFF
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: User data is used to save user--specific information.
Using crosswise data comparison between the NCK and PLC, this data is monitored for
changes. Changes to this data are identified by the checksum calculation and signaled with
alarm 27071.
The data must match the corresponding PLC data (DB18.DBD 256 -- 268). Discrepancies
between the NCK and PLC lead to the parameterized Stops (STOP D or STOP E) being
initiated and are displayed using Alarm 27090.
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

8-372 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

13316 $MN_SAFE_GLOB_CFIG_CHANGE_DATA[0...6]
MD number Date/time of the last change SI--NCK--MD
Default value -- Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: DWORD
Meaning: Display data:
Date and time of the last configuration change of safety--related NCK machine data.
Changes made to the machine data that are calculated into the checksums MD13318
$MN_SAFE_GLOB_ACT_CHECKSUM are recorded.
corresponds with ...
Additional references

13317 $MN_SAFE_GLOB_PREV_CONFIG[0...10]
MD number Data of the previous safety configuration
Default value 0H Min. input limit: 0H Max. input limit: FFFFFFFFH
Change becomes effective after: POWER ON Protection level: Siemens Unit: --
Data type: DWORD
Meaning: Buffer memory to save previous safety configuration data
Index 0: Status flag bit of the change history
Index 1: Previous value, option data
Index 2: previous value reference checksum MD13319 $MN_SAFE_GLOB_DES_CHECK-
SUM[0]
Index 3: Last value, option data before loading default data
Index 4: last value reference checksum MD13319 $MN_SAFE_GLOB_DES_CHECK-
SUM[0] before loading standard data
Index 5: previous value reference checksum MD13319 $MN_SAFE_GLOB_DES_CHECK-
SUM[1]
Index 6: last value reference checksum MD13319 $MN_SAFE_GLOB_DES_CHECK-
SUM[1] before loading standard data
Index 7: previous value reference checksum MD13319 $MN_SAFE_GLOB_DES_CHECK-
SUM[2]
Index 8: last value reference checksum MD13319 $MN_SAFE_GLOB_DES_CHECK-
SUM[2] before loading standard data
Index 9: previous value reference checksum MD13319 $MN_SAFE_GLOB_DES_CHECK-
SUM[3]
Index 10: last value reference checksum MD13319 $MN_SAFE_GLOB_DES_CHECK-
SUM[3] before loading standard data

corresponds with ...

Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-373
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

13318 $MN_SAFE_GLOB_ACT_CHECKSUM[0...3]
MD number Actual checksum NCK
Default value 0H Min. input limit: 0H Max. input limit: FFFFFFFFH
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: DWORD
Meaning: Display data:
The actual checksum -- calculated after POWER ON or a RESET -- over the actual values
of safety--related machine data is entered here.
Assignment of the field indices:
Index 0: General safety parameterization, parameterization of the SPL I/O coupling
Index 1: SPL user data
Index 2: Enable I/O connection (PROFIsafe and F_SEND/F_RECV)
Index 3: PROFIsafe parameters from the S7 configuring
corresponds with ...
Additional references

13319 $MN_SAFE_GLOB_DES_CHECKSUM[0...3]
MD number Reference checksum
Default value 0H Min. input limit: 0H Max. input limit: FFFFFFFFH
Change becomes effective after: POWER ON Protection level: 7/1 Unit: --
Data type: DWORD
Meaning: This machine data contains the reference checksum over the actual values of safety--
related machine data that was saved during the last machine acceptance test.
Assignment of the field indices:
Index 0: General safety parameterization, parameterization of the SPL I/O coupling
Index 1: SPL user data
Index 2: Enable I/O connection (PROFIsafe and F_SEND/F_RECV)
Index 3: PROFIsafe parameters from the S7 configuring
corresponds with ...
Additional references

13320 $MN_SAFE_SRDP_IPO_TIME_RATIO
MD number Factor F_DP communication clock cycle
Default value 10 Min. input limit: 1 Max. input limit: 65535
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Ratio between the interpolator clock cycle and the F_DP clock cycle in which F_DP
communication takes place. In the resulting time grid, OB40 on the PLC side is initiated
from the NCK to enable F_DP communication.
The value obtained for the communication clock cycle from this MD and the set IPO clock
cycle may not be greater than 250 ms.
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

8-374 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

13322 $MN_INFO_SAFE_SRDP_CYCLE_TIME
MD number Maximum F_DP communication clock cycle
Default value 0.0 Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/0 Unit: s
Data type: DOUBLE
Meaning: Display data:
Displays the maximum time grid in which F_DP communication takes place for plant/
system coupling, which is operated via the OB40 on the PLC.
The value is obtained from the interpolator clock cycle and MD13320
$MN_SAFE_SRDP_IPO_TIME_RATIO.
When the set communication clock cycle is exceeded, this is also displayed here.
In the case of an incorrect parameterization (communication clock cycle exceeds the
maximum value of 250.0 ms) then the maximum value that can be set is displayed.
corresponds with ...
Additional references

13330 $MN_SAFE_SDP_ENABLE_MASK
MD number Enable screen form F_SENDDP communication relationships
Default value 0 Min. input limit: 0 Max. input limit: 0xFFFF
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Enable screen form for the individual F_SENDDP communication relationships and their
SPL couplings.
corresponds with ...
Additional references

13331 $MN_SAFE_SDP_ID[0...15]
MD number Identifier of the F_SENDDP communication relationship
Default value 0 Min. input limit: --32768 max. input limit: +32767
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Any value that is unique throughout the network as identifier of the F_SENDDP
communication relationship.
SIMATIC block parameters: DP_DP_ID
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-375
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

13332 $MN_SAFE_SDP_NAME[0...15]
MD number Name of the F_SENDDP communication relationship
Default value -- Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: STRING
Meaning: A name can be assigned to each F_SENDDP communication relationship.
If a name is assigned, this is displayed in the alarm text instead of DP_DP_ID.
corresponds with ...
Additional references

13333 $MN_SAFE_SDP_CONNECTION_NR[0...15]
MD number Number of the F_SENDDP--SPL connection
Default value 0 Min. input limit: 0 Max. input limit: 16
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: This machine data is used to set the number of the F_SENDDP--SPL connection which is
parameterized with this data set. The F_SENDDP--SPL connection number is, at the same
time, also the index to access the system variables of the user interface of this
F_SENDDP--SPL connection.
This following applies to the following system variables:
-- $A_FSDP_ERR_REAC
-- $A_FSDP_ERROR
-- $A_FSDP_SUBS_ON
-- $A_FSDP_DIAG
Example:
MD13333 $MN_SAFE_SDP_CONNECTION_NR[2] = 3 means that the control and status
information of the F_SENDDP--SPL connection, which is parameterized via data set 2, can
be found in the system variables with the field index 3.

corresponds with ...

Additional references

13334 $MN_SAFE_SDP_LADDR[0...15]
MD number log. basis address of the input/output data area F_SENDDP
Default value 288 Min. input limit: 288 Max. input limit: 32767
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The start address of the input and output data area, parameterized in SIMATIC STEP 7,
via which the F_SENDDP of this SPL connection communicates.
SIMATIC block parameters: LADDR
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

8-376 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

13335 $MN_SAFE_SDP_TIMEOUT[0...15]
MD number Monitoring time for F_SENDDP
Default value 0.5 Min. input limit: 0.0 Max. input limit: 60
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: The monitoring time is the time within which the F_SENDDP sends a new F telegram to
F_RECVDP or F_RECVDP must have acknowledged a new F telegram. When the monito-
ring time is exceeded, F_RECVDP outputs substitute values to the SPL.
SIMATIC block parameters: TIMEOUT
corresponds with ...
Additional references

13336 $MN_SAFE_SDP_ASSIGN[0...15]
MD number Output assignment $A_OUTSE to F_SENDDP net data
Default value 0 Min. input limit: 0 Max. input limit: 192192
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The selection of the SPL signals $A_OUTSE in the F_SENDDP net data to be transferred
can only be done area for area.
The SPL area is specified in the decimal notation in the format aaa bbb
with aaa = area limit 1, SPL signal $A_OUTSE[aaa]
bbb = area limit 2, SPL signal $A_OUTSE[bbb]
Example:
$MN_SAFE_SDP_ASSIGN[0] = 001 004 or alternatively 004 001
The SPL signals $A_OUTSE[1] to $A_OUTSE[4] are transferred in the F_SENDDP net
data selected using MD13337 $MN_SAFE_SDP_FILTER[0].
corresponds with ...
Additional references

13337 $MN_SAFE_SDP_FILTER[0...15]
MD number F net data filter between $A_OUTSE and F_SENDDP
Default value 0xFFFF Min. input limit: 0 Max. input limit: 0xFFFF
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The SPL signals, selected using MD13336 $MN_SAFE_SDP_ASSIGN are transferred in
the F_SENDDP net data signals in the sequence of the filter bits set to 1. The least signifi-
cant SPL signal at the bit position of the F_SENDDP net data of the least significant filter
bits set to 1 etc. for all selected SPL signals.
Bit x = 1
An SPL signal is transferred at the bit position x of the F_SENDDP net data.
Bit x = 0
No SPL signal is transferred at the bit position x of the F_SENDDP net data.
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-377
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

13338 $MN_SAFE_SDP_ERR_REAC[0...15]
MD number Error response F_SENDDP
Default value 0 Min. input limit: 0 Max. input limit: 3
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The error response defined here is initiated in the case of a communication error. This
value is valid as long as no other value is entered from the SPL via the system variable
$A_FSDP_ERR_REAC.
Meaning of values:
0 = Alarm 27350 + Stop D/E
1 = Alarm 27350
2 = Alarm 27351 (only display, self--clearing)
3 = No system reaction
corresponds with ...
Additional references

13340 $MN_SAFE_RDP_ENABLE_MASK
MD number Enable screen form F_RECVDP communication relationships
Default value 0 Min. input limit: 0 Max. input limit: 0xFFFF
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Enable screen form for the individual F_RECVDP communication relationships and their
SPL couplings.
corresponds with ...
Additional references

13341 $MN_SAFE_RDP_ID[0...15]
MD number Identifier of the F_RECVDP communication relationship
Default value 0 Min. input limit: --32768 max. input limit: +32767
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Any value that is unique throughout the network as identifier of the F_RECVDP
communication relationship.
SIMATIC block parameters: DP_DP_ID
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

8-378 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

13342 $MN_SAFE_RDP_NAME[0...15]
MD number Name of the F_RECVDP communication relationship
Default value -- Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: STRING
Meaning: A name can be assigned to each F_RECVDP communication relationship.
If a name is assigned, this is displayed in the alarm text instead of DP_DP_ID.
corresponds with ...
Additional references

13343 $MN_SAFE_RDP_CONNECTION_NR[0...15]
MD number Number of the F_RECVDP--SPL connection
Default value 0 Min. input limit: 0 Max. input limit: 16
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: The number of the F_RECVDP--SPL connection, which is parameterized with this data set,
is set using the machine data. The F_RECVDP--SPL connection number is, at the same
time, also the index to access the system variables of the user interface of this
F_RECVDP--SPL connection.
This following applies to the following system variables:
-- $A_FRDP_SUBS
-- $A_FRDP_ERR_REAC
-- $A_FRDP_ERROR
-- $A_FRDP_SUBS_ON
-- $A_FRDP_ACK_REQ
-- $A_FRDP_DIAG
-- $A_FRDP_SENDMODE
Example: MD13343 $MN_SAFE_SDP_CONNECTION_NR[2] = 3 means that the control
and status information of the F_RECVDP--SPL connection, which is parameterized via data
set 2, can be found in the system variables with the field index 3.

corresponds with ...

Additional references

13344 $MN_SAFE_RDP_LADDR[0..15]
MD number log. basis address of the input/output data area, F_RECVDP
Default value 288 Min. input limit: 288 Max. input limit: 32767
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The logical basis address of the input and output data area parameterized in SIMATIC
STEP7 via which this F_RECVDP connection communicates.
SIMATIC block parameters: LADDR
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-379
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

13345 $MN_SAFE_RDP_TIMEOUT[0...15]
MD number Monitoring time for F_RECVDP
Default value 0.5 Min. input limit: 0.0 Max. input limit: 60
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: The monitoring time is the time within which the F_SENDDP sends a new F telegram to
F_RECVDP or F_RECVDP must have acknowledged a new F telegram. When the
monitoring time is exceeded, F_RECVDP outputs substitute values to the SPL.
SIMATIC block parameters: TIMEOUT
corresponds with ...
Additional references

13346 $MN_SAFE_RDP_ASSIGN[0...15]
MD number Input assignment F_RECVDP net data to $A_INSE
Default value 0 Min. input limit: 0 Max. input limit: 192192
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The selection of the SPL signals $A_INSE to be supplied from the F_RECVDP net data
can only be done area for area.
The SPL area is specified in the decimal notation in the format aaa bbb
withaaa = area limit 1, SPL signal $A_INSE[aaa]
bbb = area limit 2, SPL signal $A_INSE[bbb]
Example: $MN_SAFE_RDP_ASSIGN[0] = 001 004 or alternatively 004 001:
The F_RECVDP net data, selected using MD13347 F_RDP_FILTER[0] are transferred in
the SPL signals $A_INSE[1] to $A_INSE[4].
corresponds with ...
Additional references

13347 $MN_SAFE_RDP_FILTER[0...15]
MD number F net data filter between F_RECVDP and $A_INSE
Default value 0xFFFF Min. input limit: 0x0 Max. input limit: 0xFFFF
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The F_RECVDP net data signals, whose corresponding filter bit is set to 1, are transferred
in the SPL signals selected using MD13346 $MN_SAFE_RDP_ASSIGN. The least signifi-
cant F_RECVDP net data signal in the least significant selected SPL signal, etc. for all
selected F_RECVDP net data signals.
Bit x = 1
The F_RECVDP net data signal of bit position x is transferred as SPL signal.
Bit x = 0
The F_RECVDP net data signal of bit position x is not transferred as SPL signal.
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

8-380 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

13348 $MN_SAFE_RDP_ERR_REAC[0...15]
MD number Error response F_RECVDP
Default value 0 Min. input limit: 0 Max. input limit: 3
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The error response defined here is initiated in the case of a communication error. This
value is valid as long as no other value is entered from the SPL via the system variable
$A_FRDP_ERR_REAC.
Meaning of values:
-- 0 = Alarm 27350 + Stop D/E
-- 1 = Alarm 27350
-- 2 = Alarm 27351 (display only, self clearing)
-- 3 = No system response
corresponds with ...
Additional references

13349 $MN_SAFE_RDP_SUBS[0...15]
MD number Substitute values in the case of an error
Default value 0 Min. input limit: 0 Max. input limit: 0xFFFF
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: In the case of a communication error, the substitute values defined here are activated in the
system variables $A_INSE assigned in this F_RECVDP--SPL connection.
This value is valid as long as no other value is entered from the SPL via the system
variable $A_FRDP_SUBS.
corresponds with ...
Additional references

13370 $MN_SAFE_MODE
MD number Safety operating mode
Default value 0 Min. input limit: 0 Max. input limit: 3
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: MD to distinguish between the safety operating modes:
0 = safety operating mode ”SINUMERIK Safety Integrated (SPL)”
1 = safety operating mode ”SINUMERIK Safety Integrated (drive--based)”
2 = safety operating mode ”SINUMERIK Safety Integrated (F_PLC) (without drive--based)”
3 = safety operating mode ”SINUMERIK Safety Integrated plus (F--PLC)”
corresponds with ...
Additional references

Only MD13370 $MN_SAFE_MODE_MASK = 0 is relevant for this documentation.

Please do not change this value.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-381
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

13372 $MN_PS_DRIVE_LOGIC_ADDR[0...30]
MD number Logical PROFIsafe drive address SI
Default value 1008, 992, 976, 960, 944, Min. input limit: 0 Max. input limit: 16383
928, 912, 896, 880, 864, 848, 832,
816, 800, 784, 768, 752, 736, 720, 704,
688, 672, 656, 640, 624, 608, 592, 576,
560, 544, 528, 512, 496, 480, 464, 448,
432, 416, 400, 384, 368, 352
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The default values of the logical basis addresses correspond to the values from the S7
default configuration.
corresponds with ...
Additional references

MD13372 $MN_PS_DRIVE_LOGIC_ADDR is not relevant for this documentation.

13374 $MN_SAFE_INFO_DRIVE_LOGIC_ADDR[0...30]
MD number Logical SIC/SCC drive address SI
Default value 5800, 5816, 5832, 5848, Min. input limit: 0 Max. input limit: 16383
5864, 5880, 5896, 5912, 5928, 5944,
5960, 5976, 5992, 6008, 6024, 6040,
6056, 6072, 6088, 6104, 6120, 6136,
6152, 6168, 6184, 6200, 6216, 6232,
6248, 6264, 6280
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Logical basis addresses for the SIC/SCC communication between NCK and drive
The default values of the logical basis addresses correspond to the values from the S7
default configuration.
corresponds with ...

13376 $MC_SAFE_INFO_TELEGRAM_TYPE[0...30]
MD number SIC/SCC telegram number
Default value 701 Min. input limit: 0 Max. input limit: 999
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Number of the SIC/SCC telegram type
corresponds with ...

© Siemens AG 2015 All Rights Reserved

8-382 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

20106 $MC_PROG_EVENT_IGN_SINGLEBLOCK
MD number Prog events ignore the single block
Default value (0x0, 0x0,...) Min. input limit: 0 Max. input limit: 0x3F
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Event--controlled program calls (prog events) can be set regarding their behavior for a
read--in disable
Bit 0 = 1:
Prog event after a part program start makes a block change without another start
Bit 1 = 1:
Prog event after a part program end makes a block change without another start
Bit 2 = 1:
Prog event after a control panel reset makes a block change without another start
Bit 3 = 1:
Prog event after power up a block change without another start
Bit 4 = 1:
Prog event after 1st start after block search makes a block change without another start
Bit 5 = 1:
Safety prog event when booting makes a block change without another start

corresponds with ...

20107 $MC_PROG_EVENT_IGN_INHIBIT
MD number Prog events ignore the read--in disable
Default value (0x0, 0x0,...) Min. input limit: 0 Max. input limit: 0x3F
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Event--controlled program calls (prog events) can be set regarding their behavior for a
read--in disable
Bit 0 = 1:
Prog event after a part program start makes a block change despite the read--in disable
Bit 1 = 1:
Prog event after a part program end makes a block change despite the read--in disable
Bit 2 = 1:
Prog event after a control panel reset makes a block change despite the read--in disable
Bit 3 = 1:
Prog event after booting makes a block change despite the read--in disable
Bit 4 = 1:
Prog event after 1st Start after block search makes block change despite the read--in disa-
ble
Bit 5 = 1:
Safety prog event when booting makes a block change despite the read--in disable

corresponds with ...

Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-383
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

20108 $MC_PROG_EVENT_MASK
MD number Event--controlled program call
Default value (0x0, 0x0,...) Min. input limit: 0 Max. input limit: 0x3F
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Parameterizes the event where the user program set with MD11620
$MN_PROG_EVENT_NAME (default setting: _N_PROG_EVENT_SPF) is implicitly called:
Bit 0 = 1: part program start
Bit 1 = 1: part program end
Bit 2 = 1: operator panel reset
Bit 3 = 1: boot
Bit 4 = 1: reserved
Bit 5 =1: safety program when booting
The user program is called using the following search path:
1. /_N_CUS_DIR/_NPROG_EVENT_SPF
2. /_N_CMA_DIR/_NPROG_EVENT_SPF
3. /_N_CST_DIR/_NPROG_EVENT_SPF
The safety program must be available at the following location:
1. 7_N_CST_DIR/_N_SAFE_SPF
In addition, after the action blocks, the user program set using MD11620
$MN_PROG_EVENT_NAME is automatically started via MD11450
$MN_SEARCH_RUN_MODE bit 1, independent of the settings in this machine data.

corresponds with ...

Additional references

20192 $MC_PROG_EVENT_IGN_PROG_STATE
MD number Do not display the execution of the prog events on the OPI
Default value (0x0, 0x0,...) Min. input limit: 0 Max. input limit: 0x3F
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Event--controlled program calls (prog events) can be influenced regarding their behavior at
the OPI interface.
The variables progStatus and chanStatus remain uninfluenced in spite of the active prog
event processing -- and stay at the old value. As a consequence, the prog event processing
can be hidden from the HMI.
Bit 0 = 1:
Reserved bit with effect
Bit 1 = 1:
Prog event after part program end does not change progStatus and chanStatus
Bit 2 = 1:
Prog event after operator panel reset does not change progStatus and chanStatus
Bit 3 = 1:
Prog event after booting does not change progStatus and chanStatus
Bit 4 = 1:
Reserved
Bit 5 = 1:
Safety prog event when booting does not change progStatus and chanStatus

corresponds with ...

Additional references

© Siemens AG 2015 All Rights Reserved

8-384 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

20700 $MC_REFP_NC_START_LOCK
MD number NC start disable without reference point
Default value TRUE Min. input limit: -- Max. input limit: --
Change becomes effective after: Reset Protection level: 7/2 Unit: --
Data type: BOOLEAN
Meaning: 0:
The NC/PLC interface signal (NC start) to start part programs or part program blocks (MDA
and save/overwrite) is effective, even if one or all axes of the channel have still not been
referenced.
In order that the still reach the correct position after the NC start, the workpiece coordinate
system (WCS) must be set to a correct value using other methods (scratching, automatic
work offset determination, etc.).
1:
Those axes, that were specified (in the application) as requiring to be referenced in the
axis--specific MD20700 $MA_REFP_CYCLE_NR (value > --1), must be referenced before
an NC start is permitted.
corresponds with ...
Additional references

28251 $MC_MM_NUM_SAFE_SYNC_ELEMENTS
MD number Number of elements for expressions in safety synchronized actions
Default value 0 Min. input limit: 0 Max. input limit: 32000
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The expressions of motion synchronizing actions are saved in storage elements in the
control system. A motion synchronizing action requires a minimum of 4 elements.
The assignments are as follows:
each operand in the condition: 1 element
each action: >= 1 element
each assignment: 2 elements
each additional operand in complex expressions: 1 element
See also: MD28250 $MC_MM_NUM_SYNC_ELEMENTS
corresponds with ...
Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-385
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36901 $MA_SAFE_FUNCTION_ENABLE
MD number Enabling safety--related functions
Default value: 0H Min. input limit: 0H Max. input limit: 0x81FFFB
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The functions for safe operation can be enabled for one axis/spindle using this machine
data.
It is only possible to enable -- on an axis--specific basis -- as many axes/spindles for safe
operation as have been enabled by the global option.
The more partial functions that are set then the more computing time the safe functions
require.
Bit 0: enable safely reduced speed, safe operating stop
Bit 1: enable safe limit switch
Bit 2: reserved for functions with absolute reference (such as SE/SN)
Bit 3: enable actual value synchronization, 2--encoder system
Bit 4: enable external ESR activation (STOP E)
Bit 5: enable SG correction
Bit 6: enable the external stop requests / external STOPs
Bit 7: enable cam synchronization
Bit 8: enable safe cam, pair 1, cam+
Bit 9: enable safe cam, pair 1, cam--
Bit 10: enable safe cams, pair 2, cam +
Bit 11: enable safe cams, pair 2, cam--
Bit 12: enable safe cams, pair 3, cam +
Bit 13: enable safe cams, pair 3, cam--
Bit 14: enable safe cams, pair 4, cam+
Bit 15: enable safe cams, pair 4, cam--
Bit 16: enable synchronization, hysteresis and filtering ”n<nx”
Bit 23: enable deactivation SBH/SG monitoring during external STOP A
Special cases, errors,... -- If bit 1 or a higher bit is set, then bit 0 must also be set since the control system
switches to a safe operational stop in response to STOP C, D or E (a parameterizing
alarm 27033 is displayed if an error is detected).
-- If an insufficient number of axes/spindles have been enabled for safe operation using
the global option, then this data may be overwritten with the value 0 when booting.
corresponds with ... Global option
Additional references /FBSIsl/ see Chapter: 5.5, ”Enabling safety--relevant functions”

36902 $MA_SAFE_IS_ROT_AX
MD number Rotary axis
Default value: FALSE Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BOOLEAN
Meaning: This data specifies whether the axis for safe operation is a rotary axis/spindle or linear axis.
= 0: Linear axis
= 1: Rotary axis/spindle
The value in this MD must be the same as in MD30300 $MA_IS_ROT_AX. If they are not
identical a parameterizing error is displayed.
corresponds with ...

© Siemens AG 2015 All Rights Reserved

8-386 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36903 $MA_SAFE_CAM_ENABLE
MD number Function enable safe cam track
Default value: 0H Min. input limit: 0H Max. input limit: 3FFF FFFFH
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: 30 safe cams can be enabled for one axis/spindle for the ”safe cam track” function using
this machine data.
The enable signals may only be issued if the cam enable is not used in MD36901
$MA_SAFE_FUNCTION_ENABLE.
The cam synchronization is automatically activated if the ”safe cam track” function is
enabled.
Bit 0: enable safe cam track, cam 1
Bit 1: enable safe cam track, cam 2
Bit 2: enable safe cam track, cam 3
Bit 3: enable safe cam track, cam 4
Bit 4: enable safe cam track, cam 5
Bit 5: enable safe cam track, cam 6
Bit 6: enable safe cam track, cam 7
Bit 7: enable safe cam track, cam 8
Bit 8: enable safe cam track, cam 9
Bit 9: enable safe cam track, cam 10
Bit 10: enable safe cam track, cam 11
Bit 11: enable safe cam track, cam 12
Bit 12: enable safe cam track, cam 13
Bit 13: enable safe cam track, cam 14
Bit 14: enable safe cam track, cam 15
Bit 15: enable safe cam track, cam 16
Bit 16: enable safe cam track, cam 17
Bit 17: enable safe cam track, cam 18
Bit 18: enable safe cam track, cam 19
Bit 19: enable safe cam track, cam 20
Bit 20: enable safe cam track, cam 21
Bit 21: enable safe cam track, cam 22
Bit 22: enable safe cam track, cam 23
Bit 23: enable safe cam track, cam 24
Bit 24: enable safe cam track, cam 25
Bit 25: enable safe cam track, cam 26
Bit 26: enable safe cam track, cam 27
Bit 27: enable safe cam track, cam 28
Bit 28: enable safe cam track, cam 29
Bit 29: enable safe cam track, cam 30
corresponds with ... MD36901 $MA_SAFE_FUNCTION_ENABLE
Additional references /FBSIsl/ see Chapter 6.8 ”Safe software cams, safe cam track (SN)

36904 $MA_SAFE_ADD_FUNCTION_MASK
MD number Enables additional functions for Safety Integrated
Default value: 0H Min. input limit: 0H Max. input limit: 1H
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Bit 0:
On the NCK side, for STOP B and C, braking is not initiated by entering ”Speed setpoint 0”.
Braking is realized on the drive side, based on the OFF3 ramp.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-387
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36905 $MA_SAFE_MODULO_RANGE
MD number Modulo value safe cams
Default value: 0.0 Min. input limit: 0.0 Max. input limit: 737280.0
Change becomes effective after: POWER ON Protection level: 7/2 Unit: Degrees
Data type: DOUBLE
Meaning: Actual value range within which safe cams for rotary axes are calculated. The axis must be
a rotary axis (MD36902 $MA_SAFE_IS_ROT_AX = 1).
0:
Modulo correction after +/-- 2048 revolutions (i.e. after 737 280 degrees)
> 0 and multiples of 360 degrees:
Modulo correction after this value e.g. value = 360 degrees --> the actual value range is
between 0 and 359.999 degrees, i.e. a modulo correction is carried out after every revolu-
tion.
Special cases, errors,... -- If the value set in this data is not 0 or a multiple of 360 degrees, then an appropriate
alarm is output when the system boots.
-- The cam positions are also checked with respect to the parameterized actual value
when the system boots. An appropriate alarm is output if parameterization errors are
detected.
-- Actual value ranges set in MD36905 $MA_SAFE_MODULO_RANGE and MD30330
$MA_MODULO_RANGE must be a multiple integer.
corresponds with ... MD30330 $MA_MODULO_RANGE
MD36935 $MA_SAFE_CAM_POS_PLUS[n]
MD36937 $MA_SAFE_CAM_POS_MINUS[n]
Additional references /FBSI/ see Chapter 6.8: ”Safe software cams, safe cam track (SN)”

36906 $MA_SAFE_CTRLOUT_MODULE_NR
MD number SI drive assignment
Default value: 1, 2, 3.. Min. input limit: 0 Max. input limit: 31
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: Assignment of the drive for SI Motion monitoring functions
The entry refers to data array MD10393 $MN_SAFE_DRIVE_LOGIC_ADDRESS. The
same drive must be assigned, that was also selected using MD30110
$MA_CTRLOUT_MODULE_NR and MD13050 $MN_DRIVE_LOGIC_ADDRESS.
Special cases, errors,...
corresponds with ...

© Siemens AG 2015 All Rights Reserved

8-388 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36907 $MA_SAFE_DRIVE_PS_ADDRESS
MD number PROFIsafe address of the drive
Default value: 0 Min. input limit: 0 Max. input limit: 65534
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: DWORD
Meaning: This NCK--MD contains the PROFIsafe address of the drive assigned to this axis. This MD
is read out of drive parameter p9810 when booting. The address must be unique across all
of the axes.
This MD cannot be written to; the PROFIsafe address must be parameterized in the drive.
The value of this MD is incorporated in the calculation of MD36998
$MA_SAFE_ACT_CHECKSUM[2].
Special cases, errors,...
corresponds with ...

36909 $MA_SAFE_ENC_MEAS_STEPS_RESOL
MD number Resolution measuring steps for linear absolute encoders
Default value: 0.0001 Min. input limit: 0 Max. input limit: 4295
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm
Data type: DOUBLE
Meaning: Sets the absolute position resolution for a linear absolute encoder.
When booting -- for linear DRIVE--CLiQ encoders -- this information is read--out of drive
parameter r0469 and is then compared with the last value saved here. This MD is then
overwritten. Alarm 27036 is output if they are not equal.
The value of this MD is incorporated in the checksum calculation of MD36998
$MA_SAFE_ACT_CHECKSUM[0].
Special cases, errors,...
corresponds with ... MD36913 $MA_SAFE_ENC_MEAS_STEPS_POS1
MD36917 $MA_SAFE_ENC_GRID_POINT_DIST

36912 $MA_SAFE_ENC_INPUT_NR
MD number Actual--value assignment
Default value: 1 Min. input limit: 1 Max. input limit: 3
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: Number of the actual value input via which the safety--relevant actual values are acquired.
Special cases, errors,...
corresponds with ... p9526, p0189

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-389
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36913 $MA_SAFE_ENC_MEAS_STEPS_POS1
MD number Non--safety--related measuring steps POS1.
Default value: 22000 Min. input limit: 0 Max. input limit: 4294967295
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Sets the non--safety--related measuring steps of position value POS1.
When booting -- for linear DRIVE--CLiQ encoders -- this information is read--out of drive
parameter r0473 and is then compared with the last value saved here. This MD is then
overwritten. Alarm 27036 is output if they are not equal.
The value of this MD is incorporated in the checksum calculation of MD36998
$MA_SAFE_ACT_CHECKSUM[0].
Special cases, errors,...
corresponds with ... MD36909 $MA_SAFE_ENC_MEAS_STEPS_RESOL
MD36917 $MA_SAFE_ENC_GRID_POINT_DIST

36914 $MA_SAFE_SINGLE_ENC
MD number SI single--encoder system
Default value: TRUE Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BOOLEAN
Meaning: ID that SI is carried out with an encoder. If different encoders are used for the Safety
Integrated monitoring functions in the drive and in the NCK, then this MD must be para-
meterized to be 0.
Special cases, errors,...
corresponds with ...

© Siemens AG 2015 All Rights Reserved

8-390 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36916 $MA_SAFE_ENC_IS_LINEAR
MD number Linear encoder
Default value: FALSE Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BOOLEAN
Meaning: This MD specifies whether a linear or a rotary encoder is connected.
= 0:
The rotary encoder is connected, its resolution is specified using MD36918
$MA_SAFE_ENC_RESOL -- and converted over to the load side using MD36920
$MA_SAFE_ENC_GEAR_PITCH, MD36921 $MA_SAFE_ENC_GEAR_DENOM[n] and
MD36922 $MA_SAFE_ENC_GEAR_NUMERA[n].
MD36917 $MA_SAFE_ENC_GRID_POINT_DIST is of no significance.
= 1:
Linear encoder is connected, MD36917 $MA_SAFE_ENC_GRID_POINT_DIST is used to
specify its resolution.
MD36918 $MA_SAFE_ENC_RESOL, MD36920 $MA_SAFE_ENC_GEAR_PITCH,
MD36921 $MA_SAFE_ENC_GEAR_DENOM[n] and MD36922
$MA_SAFE_ENC_GEAR_NUMERA[n] are of no significance.
If the value changes then Alarm 27036 is output.

corresponds with ... For 0:

MD36918 $MA_SAFE_ENC_RESOL
MD36920 $MA_SAFE_ENC_GEAR_PITCH
MD36921 $MA_SAFE_ENC_GEAR_DENOM[n]
MD36922 $MA_SAFE_ENC_GEAR_NUMERA[n]
For 1:
MD36917 $MA_SAFE_ENC_GRID_POINT_DIST

36917 $MA_SAFE_ENC_GRID_POINT_DIST
MD number Grid spacing, linear scale
Default value: 0.01 Min. input limit: 0.00001 Max. input limit: 250
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm
Data type: DOUBLE
Meaning: This MD specifies the grid spacing of the linear scale used here.
Not relevant for rotary encoders.
If the value changes then Alarm 27036 is output.
corresponds with ...

36918 $MA_SAFE_ENC_RESOL
MD number Encoder pulses per revolution
Default value: 2048 Min. input limit: 1 Max. input limit: 100000000
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This MD specifies the number of pulses per revolution for a rotary encoder.
Not relevant for a linear encoder.
If the value changes then Alarm 27036 is output.
corresponds with ...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-391
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36919 $MA_SAFE_ENC_PULSE_SHIFT
MD number Shift factor of the encoder multiplication
Default value: 11 Min. input limit: 2 Max. input limit: 18
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: BYTE
Meaning: Shift factor of the multiplication (resolution) of the encoder, that is used for the Safety
Integrated monitoring functions in the NCK. The encoder value must be divided by 2 so
many times in order to obtain the number of encoder pulses. A shift factor of 11 corre-
sponds to an encoder multiplication by a factor of 2048. If the drive provides this informa-
tion (r0979[3,13,23]), then this MD is automatically internally assigned a value after the
drive has run up. If the value changes then Alarm 27036 is output.
corresponds with ...

36920 $MA_SAFE_ENC_GEAR_PITCH
MD number Leadscrew pitch
Default value: 10.0 Min. input limit: 0.1 Max. input limit: 10000.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm
Data type: DOUBLE
Meaning: Gear ratio of the gearbox (gear) between the encoder and load for a linear axis with rotary
encoder.
corresponds with ...

36921 $MA_SAFE_ENC_GEAR_DENOM[0...7]
MD number Denominator, gearbox ratio encoder/load
Default value: 1 Min. input limit: 1 Max. input limit: 2147000000
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Denominator of the gear between encoder and load, i.e. the denominator of the fraction
number of encoder revolutions / number of load revolutions
n = 0, 1, ... , 7 stands for gearbox stage 1, 2, ... 8
The actual value is selected using safety--related input signals (SGE).
corresponds with ... MD36922 $MA_SAFE_ENC_GEAR_NUMERA[n]

36922 $MA_SAFE_ENC_GEAR_NUMERA[0...7]
MD number Numerator, gearbox ratio encoder/load
Default value: 1 Min. input limit: 1 Max. input limit: 2 147 000 000
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Numerator of the gear between encoder and load, i.e. the numerator of the fraction number
of encoder revolutions / number of load revolutions”
n = 0, 1, ... 7 stands for gearbox stage 1, 2, ... 8
The actual value is selected using safety--related input signals (SGE).
corresponds with ... MD36921 $MA_SAFE_ENC_GEAR_DENOM[n]

© Siemens AG 2015 All Rights Reserved

8-392 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36923 $MA_SAFE_INFO_ENC_RESOL[0...7]
MD number Safety--relevant encoder resolution
Default value: 0.0 Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/-- Unit: mm, degrees
Data type: DOUBLE
Meaning: Display data
Resolution of the encoder being used in the particular gear stage for the Safety Integrated
monitoring functions. With this accuracy, for a single--encoder system, safety--related posi-
tions can be monitored. If different encoders are used for the Safety Integrated monitoring
functions in the drive and in the NCK, then this MD is 0.
corresponds with ...

36924 $MA_SAFE_ENC_NUM_BITS[0...3]
MD number Bit information of the redundant actual value
Default value: 16,2,16,16 Min. input limit: --16 Max. input limit: 32
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: DWORD
Meaning: Information about the redundant actual value:
-- Field index 0: Number of valid bits of the redundant actual value
-- field index 1: Number of bits of the fine resolution of the redundant actual value
-- field index 2: Number of relevant bits of the redundant actual value
-- field index 3: Most significant bit of the redundant coarse position
This information is read--out when booting (for DRIVE--CLiQ encoders, from the drive para-
meters r0470, r0471, r0472 and r0475, for SMI/SMC/SME encoders, the default values
apply) and compared with the values that were last saved here. This MD is then over-
written. Alarm 27035 or 27036 is output if they are not equal.
If the combination of some values is incorrect, or if the number of relevant bits (index 2) is
equal to 0, then Alarm 27038 is output.
The values from MD36924 $MA_SAFE_ENC_NUM_BITS[0,1] are incorporated in the
calculation of MD36998 $MA_SAFE_ACT_CHECKSUM[1]. The values from MD36924
$MA_SAFE_ENC_NUM_BITS[2,3] are incorporated in the calculation of MD36998
$MA_SAFE_ACT_CHECKSUM[0].
If the combination of some values is incorrect, or if the number of relevant bits (index 2) is
equal to 0, then Alarm 27038 is output.

corresponds with ...

36925 $MA_SAFE_ENC_POLARITY
MD number Direction reversal actual value
Default value: 1 Min. input limit: --1 Max. input limit: 1
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Using this data, the direction of the actual value can be reversed.
= --1: Direction reversal
= 0: no direction reversal or
= 1: no direction reversal
corresponds with ...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-393
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36927 $MA_SAFE_ENC_MOD_TYPE
MD number Encoder evaluation type
Default value: 1 Min. input limit: 0 Max. input limit: 255
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: BYTE
Meaning: Type of the encoder evaluation of this axis used for Safety Integrated.
= 1: Sensor Module (SMI, SMC, SME)
= 2: DRIVE--CLiQ encoder
= 3 EnDat 2.2 converter
This type is read out of drive parameter r9527 when booting. If a valid value has not been
entered, alarm 27038 is output. If the drive parameter contains a valid value, then this is
compared with the last value saved in this MD. This MD is then overwritten. Alarm 27035 is
output if they are not equal. The value of this MD is incorporated in the calculation of
MD36998 $MA_SAFE_ACT_CHECKSUM[1].
corresponds with ...

36928 $MA_SAFE_ENC_IDENT[0...2]
MD number Encoder identification
Default value: 0 Min. input limit: 0 Max. input limit: FFFFFFFF
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: DWORD
Meaning: Identification of the encoder evaluation of this axis used for Safety Integrated. When boot-
ing, the encoder evaluation (drive parameter r9881) reads out this identification and com-
pares with the last value saved here. This MD is then overwritten. The value of this MD is
incorporated in the calculation of MD36998 $MA_SAFE_ACT_CHECKSUM[1].
corresponds with ... r9881 SI Motion Sensor Module Node Identifier second channel

© Siemens AG 2015 All Rights Reserved

8-394 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36929 $MA_SAFE_ENC_CONF
MD number Configuration of the redundant actual value
Default value: 0 Min. input limit: 0 Max. input limit: 7FFFFFFFH
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: DWORD
Meaning: Configuration of the redundant actual value:
Bit 0: Up--down counter
= 0: Down counter
= 1: Up counter
Bit 1: Encoder CRC: Processing the redundant coarse position
= 0: most significant byte first
= 1: least significant byte first
Bit 2: Redundant coarse position MSB/LSB justified
= 0: Redundant coarse position LSB justified
= 1: Redundant coarse position MSB justified
Bit 4: Binary comparison not possible
= 0: Binary comparison possible
= 1: Binary comparison not possible
When booting -- for DRIVE--CLiQ encoders -- this information is read--out of drive parameter
r0474 (the default values apply for SMI/SMC/SME encoders) and is then compared with the
last value saved here. This MD is then overwritten. Alarm 27035 is output if they are not
equal. The value of this MD is incorporated in the calculation of MD36998
$MA_SAFE_ACT_CHECKSUM[1].
If, in drive parameter r0474 an unknown bit is set, then Alarm 27038 is output. The alarm
output in this position can be hidden using the MD $MN_SAFE_DIAGNOSIS_MASK, bit 3
= 1.

corresponds with ...

36930 $MA_SAFE_STANDSTILL_TOL
MD number Standstill tolerance
Default value: 1.0 Min. input limit: 0.0 Max. input limit: 100.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/inch, degrees
Data type: DOUBLE
Meaning: This MD specifies the tolerance for a safe operating stop.
If the difference between the position limit value and position actual value is greater than
the tolerance set here when a safe operating stop is selected, then the control system out-
puts Alarm 27010 with STOP B.
The position limit value is the position actual value at the instant that a safe operating stop
is selected.
corresponds with ... MD36956 $MA_SAFE_PULSE_DISABLE_DELAY

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-395
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36931 $MA_SAFE_VELO_LIMIT[0...3]
MD number Limit value for safely reduced speed
Default value: 2000. Min. input limit: 0.0 Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/min, inch/min,
rev/min
Data type: DOUBLE
Meaning: This MD defines the limit values for safely reduced speeds 1, 2, 3 and 4.
When SG1, SG2, SG3 or SG4 is selected and the actual speed exceeds this limit value,
then the control system outputs Alarm 27011 with the stop response configured in
MD36961 $MA_SAFE_VELO_STOP_MODE or MD36963 $MA_SAFE_VELO_STOP_
REACTION.
n = 0, 1, 2, 3 stands for the limit value of SG1, SG2, SG3, SG4
Special cases, errors,... When SBH/SG is active in a 1--encoder system, the speed is monitored corresponding to
the encoder limit frequency. An appropriate alarm is output if this limit is exceeded.
corresponds with ... MD36961 $MA_SAFE_VELO_STOP_MODE
MD36963 $MA_SAFE_VELO_STOP_REACTION

36932 $MA_SAFE_VELO_OVR_FACTOR[0...15]
MD number SG selection values
Default value: 100 Min. input limit: 1 Max. input limit: 100
Change becomes effective after: POWER ON Protection level: 7/2 Unit:%
Data type: DOUBLE
Meaning: Limit value corrections for the safely reduced speeds 2 and 4 can be selected using SGEs
and the associated correction value (percentage value) set using this MD.
n = 0, 1, ... , 15 stands for correction 0, 1, ... 15
Note
S The function ”correction, safely reduced speed” is enabled using MD36901
$MA_SAFE_FUNCTION_ENABLE.
S This correction has no effect for the limit values associated with safely reduced speeds
1 and 3.
Special cases, errors,...
corresponds with ... MD36978 $MA_SAFE_OVR_INPUT[n]
MD36931 $MA_SAFE_VELO_LIMIT[n]
Additional references /FBSIsl/ see Chapter 6.5.4: ”Override for safely reduced speed”

© Siemens AG 2015 All Rights Reserved

8-396 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36933 $MA_SAFE_DES_VELO_LIMIT[0...3]
MD number SG setpoint speed limiting
Default value: 0 Min. input limit: 0 Max. input limit: 100
Change becomes effective after: RESET Protection level: 7/2 Unit:%
Data type: DOUBLE
Meaning: Evaluation factor to define the setpoint speed limit.
The selection of the active evaluation factor is realized using the axis specific NC/PLC
interface DB3x.DB34.0 and .1
Parameter assignment:
This MD may have to be altered several times before an optimum setting for the dynamic
response of the drives is found.
Effect of SI monitoring with NCK involvement:
-- When 0% is entered the setpoint speed limiting is not active.
-- When 100% is entered, the setpoint is limited to the active SG stage
-- The active actual speed limit value is evaluated using this factor and is entered into the
interpolator as setpoint limit.
-- When SBH is selected, a setpoint of 0 is entered.
-- This data is not included in the crosswise data comparison with the drive.
-- This data is not included in the axis--specific checksum MD36998
$MA_SAFE_ACT_CHECKSUM[ ] as it involves a 1--channel function.

Special cases, errors,... If, from the PLC user program, there is no input to select the evaluation factor, then MD
value from MD36933 $MA_SAFE_DES_VELO_LIMIT[0] becomes active.
corresponds with ...
Additional references See Chapter : 11.1 ”Limiting the setpoint velocity”

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-397
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36934 $MA_SAFE_POS_LIMIT_PLUS[0...1]
MD number Upper limit value for safe limit position
Default value: 100000. Min. input limit: --2147000. Max. input limit: 2147000.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm, inches,
degrees
Data type: DOUBLE
Meaning: This MD specifies the upper limit value for safe end positions 1 and 2.
When SE1 or SE2 is selected and the actual position exceeds this limit, then the control
system outputs Alarm 27012 with the stop response configured in
$MA_SAFE_POS_STOP_MODE and changes over into the SBH mode.
If SBH is violated, STOP B and A are initiated as stop response.
n = 0, 1 stand for the upper limit value of SE1, SE2
Special cases, errors,... If a lower or identical value is entered in MD36934 $MD_SAFE_POS_LIMIT_PLUS[n] than
in MD36935 $MA_SAFE_POS_LIMIT_MINUS[n], then a parameterizing error is displayed.
corresponds with ... MD36962 $MA_SAFE_POS_STOP_MODE
MD36935 $MA_SAFE_POS_LIMIT_MINUS[n]
MD36901 $MA_SAFE_FUNCTION_ENABLE
Additional references /FBSIsl/ see Chapter 6.7: ”Safe software limit switches (SE)”

36935 $MA_SAFE_POS_LIMIT_MINUS[0...1]
MD number Lower limit value for safe limit position
Default value: --100 000 Min. input limit: --2 147 000 Max. input limit: 2 147 000
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm, inches,
degrees
Data type: DOUBLE
Meaning: This MD specifies the lower limit value for safe end positions 1 and 2.
When SE1 or SE2 is selected and the actual position is less than this limit value, then the
control system outputs Alarm 27012 with the stop response configured in MD36962
$MA_SAFE_POS_STOP_MODE and changes over into the SBH mode.
If SBH is violated, STOP B and A are initiated as stop response.
n = 0, 1 stand for the lower limit value of SE1, SE2
Special cases, errors,... If a lower or identical value is entered in MD36934 $MD_SAFE_POS_LIMIT_PLUS[n] than
in MD36935 $MA_SAFE_POS_LIMIT_MINUS[n], then a parameterizing error is displayed.
corresponds with ... MD36962 $MA_SAFE_POS_STOP_MODE
MD36934 $MA_SAFE_POS_LIMIT_PLUS[n]
Additional references /FBSIsl/ see Chapter 6.7: ”Safe software limit switches (SE)”

36936 $MA_SAFE_CAM_POS_PLUS[0...29]
MD number Plus cams position for safe cams
Default value: 10. Min. input limit: --2147000. Max. input limit: 2147000.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm, inches,
degrees
Data type: DOUBLE
Meaning: This MD specifies the plus cam position for safe cams SN1+, SN2+, SN3+, ...
For the ”safe cams” function, the following applies:
If the actual position is greater than this value when the safe cam function is active
(MD36901 $MA_SAFE_FUNCTION_ENABLE), then the appropriate safety--relevant output
signal (SGA) is set to 1.
If the actual position falls below this value, SGA is set to 0.
n = 0, 1, 2, 3 stand for the plus cam position of SN1+, SN2+, SN3+, SN4+

© Siemens AG 2015 All Rights Reserved

8-398 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36936 $MA_SAFE_CAM_POS_PLUS[0...29]
MD number Plus cams position for safe cams
For the ”safe cam track” function, the following applies:
If the ”safe cam track” function is enabled (MD36903 $MA_SAFE_CAM_ENABLE), then
the safety--related output signals ”cam track” and ”cam range” are set corresponding to the
parameterization in MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n].
n = 0 ... 29 stand for the plus cam position of SN1+, ..., SN30+
corresponds with ... MD36901 $MA_SAFE_FUNCTION_ENABLE
MD36903 $MA_SAFE_CAM_ENABLE
MD36937 $MA_SAFE_CAM_POS_MINUS[n]
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n]
MD36988 $MA_SAFE_CAM_PLUS_OUTPUT[n]
MD37900 $MA_SAFE_CAM_TRACK_OUTPUT[n]
MD37901/37902/37903/37904 $MA_SAFE_CAM_RANGE_OUTPUT_1/2/3/4[n]
MD37906/37907/37908/37909 $MA_SAFE_CAM_RANGE_BIN_OUTPUT_1/2/3/4[m]
Additional references /FBSIsl/ see Chapter 6.8: ”Safe software cams, safe cam track (SN)”

36937 $MA_SAFE_CAM_POS_MINUS[0...29]
MD number Minus cams position for safe cams
Default value: --10. Min. input limit: --2147000. Max. input limit: 2147000.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm, inches,
degrees
Data type: DOUBLE
Meaning: This MD specifies the minus cam position for safe cams SN1--, SN2--, SN3--, ...
For the ”safe cams” function, the following applies:
If the actual position is greater than this value when the safe cam function is active
(MD36901 $MA_SAFE_FUNCTION_ENABLE), then the appropriate safety--relevant output
signal (SGA) is set to 1.
If the actual position falls below this value, SGA is set to 0.
n = 0, 1, 2, 3 stand for the minus cam position of SN1--, SN2--, SN3--, SN4--
For the ”safe cam track” function, the following applies:
If the ”safe cam track” function is enabled (MD36903 $MA_SAFE_CAM_ENABLE), then
the safety--related output signals ”cam track” and ”cam range” are set corresponding to the
parameterization in MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n].
n = 0 ... 29 stand for the plus cam position of SN1--, ..., SN30--
corresponds with ... MD37901 $MA_SAFE_CAM_RANGE_OUTPUT_1[n]
MD36903: $MA_SAFE_CAM_ENABLE
MD36936 $MA_SAFE_CAM_POS_PLUS[n]
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n]
MD36989 $MA_SAFE_CAM_MINUS_OUTPUT[n]
MD37900 $MA_SAFE_CAM_TRACK_OUTPUT[n]
MD37901/37902/37903/37904 $MA_SAFE_CAM_RANGE_OUTPUT_1/2/3/4[n]
MD37906/37907/37908/37909 $MA_SAFE_CAM_RANGE_BIN_OUTPUT_1/2/3/4[m]
Additional references See Chapter 6.8: ”Safe software cams, safe cam track (SN)”

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-399
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36938 $MA_SAFE_CAM_TRACK_ASSIGN[0...29]
MD number Cam track assignment
Default value: Min. input limit: 100 Max. input limit: 414
100, 101, ... , 114; 200, 201, ..., 214
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Assigns the individual cams to a maximum of 4 cam tracks including defining the numerical
value for the SGA ”cam range”.
The ”hundreds” position defines which cam track is assigned to the cams. Valid values are
1, 2 or 3 or 4.
The ”tens” and ”ones” positions contain the numerical value that should be signaled to the
safe logic as SGA ”cam range” and processed there. Valid values are 0 to 14, whereby
each numerical value may only be used once for each cam.
Therefore the valid value range of this machine data is:
100...114, 200...214, 300...314, 400...414
Examples:
MD36938[0] = 207: Cam 1 (index 0) is assigned to cam track 2. If the position is in the
range of this cam, then 7 is entered in the SGA ”cam range” of the 2nd cam track.
MD36938[5] = 100: Cam 6 (index 5) is assigned to cam track 1. If the position is in the
range of this cam, then 0 is entered in the SGA ”cam range” of the 1st cam track.

corresponds with ... MD36903 $MA_SAFE_CAM_ENABLE

MD36936 $MA_SAFE_CAM_POS_PLUS[n]
MD36937 $MA_SAFE_CAM_POS_MINUS[n]
MD37900 $MA_SAFE_CAM_TRACK_OUTPUT[n]
MD37901/37902/37903/37904 $MA_SAFE_CAM_RANGE_OUTPUT_1/2/3/4[n]
MD37906/37907/37908/37909 $MA_SAFE_CAM_RANGE_BIN_OUTPUT_1/2/3/4[m]
Additional references See Chapter 6.8: ”Safe software cams, safe cam track (SN)”

36940 $MA_SAFE_CAM_TOL
MD number Tolerance for safe cams
Default value: 0.1 Min. input limit: 0.001 Max. input limit: 10.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm, inches,
degrees
Data type: DOUBLE
Meaning: Due to the different mounting locations of the encoders and variations in clock cycle and
signal transit (propagation times), the cam signals of the two monitoring channels never
switch at precisely the same position and never simultaneously.
This data specifies the tolerances for all cams as a load--side distance. The monitoring
channels may have different signal states for the same cam within this tolerance bandwidth
without generating Alarm 27001.
Recommendation:
Enter the same value as in MD36942 $MA_SAFE_POS_TOL or slightly higher.
Special cases, errors,...
Additional references See Chapter 6.8: ”Safe software cams, safe cam track (SN)”

© Siemens AG 2015 All Rights Reserved

8-400 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36942 $MA_SAFE_POS_TOL
MD number Tolerance, actual value comparison (crosswise)
Default value: 0.1 Min. input limit: 0.001 Max. input limit: 360.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm, inches,
degrees
Data type: DOUBLE
Meaning: Due to the fact that encoders are not mounted at identical locations and the effect of back-
lash, torsion, leadscrew errors etc. the actual positions sensed simultaneously by the NCK
and drive may differ from one another.
The tolerance bandwidth for the crosswise comparison of the actual positions in the two
monitoring channels is specified in this machine data.
Special cases, errors,... When defining this tolerance value, primarily the values from the machine--specific risk
analysis must be taken into account.
Stop response STOP F is activated when the tolerance bandwidth is violated.

36944 $MA_SAFE_REFP_POS_TOL
MD number Tolerance, actual value comparison (referencing)
Default value: 0.01 Min. input limit: 0.0 Max. input limit: 36.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm, inches,
degrees
Data type: DOUBLE
Meaning: This machine data specifies the tolerance for checking the actual values after referencing
(for incremental encoders) or when powering--up (for absolute encoders).
An absolute actual axis position is determined by referencing. A second absolute actual
position is calculated from the last stop position that was saved prior to the control being
powered--down and the distance traversed since power--on. The control system checks the
actual values after referencing on the basis of these two absolute positions, the traversed
distance and this machine data.
The following factors must be taken into consideration when calculating tolerance values:
Backlash, leadscrew errors, compensation factors (max. compensation values for SSFK,
sag and temperature compensation), temperature errors, torsion (2--encoder system), gear-
box tolerance for selector gearboxes, coarser resolution (2--encoder system), oscillating
distance/range for selector gearboxes.
Note:
If the two absolute actual positions deviate from one another by more than the value set in
this data -- with a valid user agreement -- then Alarm 27001 is output with Fault code 1003
and a new user agreement is required for referencing.

Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-401
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36945 $MA_SAFE_VELO_X_FILTER_TIME
MD number Filter time n< nx
Default value: 0.0 Min. input limit: 0.0 Max. input limit: 0.5
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: Sets the filter time for generating the SGA n<nx.
The filtering must be activated by setting bit 16 in MD36901 $MA_SAFE_FUNC-
TION_ENABLE to 1.
With default value 0, filtering is not active.
By parameterizing a filter time not equal to 0, the response time of the
SGA n<nx.
corresponds with ... MD36946 $MA_SAFE_VELO_X
MD36947 $MA_SAFE_VELO_X_HYSTERESIS
Additional references /FBSIsl/ see Chapter 6.6: ”Safe speed range identification n < nx”

36946 $MA_SAFE_VELO_X
MD number Speed limit n<nx
Default value: 20. for mm/min, inch/min Min. input limit: 0. Max. input limit: 1000.
Default value: 20. for rpm Min. input limit: 0. Max. input limit: 1000.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/min, inch/min,
rev/min
Data type: DOUBLE
Meaning: This machine data defines the limit speed nx for the SGA ”n < nx”.
If this velocity limit is fallen below, SGA ”n < nx” is set.
If this machine data has a value of 0, then function ”n<nx”is not active.
Note: To evaluate the SGA ”n<nx” an I/O assignment must be made using MD36985
$MA_SAFE_VELO_X_STATUS_OUTPUT.
corresponds with ...
Additional references /FBSIsl/ see Chapter 6.6: ”Safe speed range identification n < nx”

36947 $MA_SAFE_VELO_X_HYSTERESIS
MD number Speed hysteresis n<nx
Default value: 10. for mm/min, inch/min Min. input limit: 0. Max. input limit: 500.
Default value: 10 for rpm Min. input limit: 0. Max. input limit: 500.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/min, inch/min,
rev/min
Data type: DOUBLE
Meaning: Sets the hysteresis threshold for generating the SGA n<nx.
In addition to the hysteresis, this MD is also used to check the speed in the two monitoring
channels against threshold nx. As a maximum it can be different by the value of this MD,
otherwise, Stop F with fault identifier 2 is output.
The following must apply: MD36947 $MA_SAFE_VELO_X_HYSTERESIS less than or
equal to 3/4 MD36946 $MA_SAFE_VELO_X
The function ”Synchronization ”n < nx”, hysteresis and filtering” must be active (MD36901
$MA_SAFE_FUNCTION_ENABLE, bit 16 = 1).
corresponds with ... MD36945 $MA_SAFE_VELO_X_FILTER_TIME
MD36946 $MA_SAFE_VELO_X
Additional references /FBSIsl/ see Chapter 6.6: ”Safe speed range identification n < nx”

© Siemens AG 2015 All Rights Reserved

8-402 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36948 $MA_SAFE_STOP_VELO_TOL
MD number Speed tolerance for safe acceleration monitoring
Default value: 300. for mm/min, inch/ Min. input limit: 0. Max. input limit: 120000.
min Min. input limit: 0. Max. input limit: 20000.
Default value: 50. for rpm
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/min, inch/min,
rev/min
Data type: DOUBLE
Meaning: Actual speed tolerance for safe acceleration monitoring (SBR).
After the safe acceleration monitoring has been activated (by initiating a Stop B or C), then
this tolerance is applied to the actual speed.
It is not permissible that the actual velocity is greater than the limit that is therefore speci-
fied.
Otherwise, a Stop A will be initiated. This means that if the drive accelerates, this will be
identified very quickly.
corresponds with ...
Additional references /FBSIsl/ see Chapter 6.4: ”Safe acceleration monitoring (SBR)”
(a recommended setting and setting formula are specified in this Chapter).

36949 $MA_SAFE_SLIP_VELO_TOL
MD number Speed tolerance, slip
Default value: 6. for mm/min, inch/min Min. input limit: 0. Max. input limit: 1000.
Default value: 1. for rpm Min. input limit: 0. Max. input limit: 1000.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/min, inch/min,
rev/min
Data type: DOUBLE
Meaning: Speed/velocity difference that, for a 2--encoder system, is tolerated between the motor and
load sides without the crosswise data comparison between the drive and NCK signaling an
error.
MD36949 $MA_SAFE_SLIP_VELO_TOL is only evaluated, if MD36901
$MA_SAFE_FUNCTION_ENABLE, bit 3 is set.
corresponds with ...
Additional references,... See Chapter 5.4.6: Actual value synchronization

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-403
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36950 $MA_SAFE_MODE_SWITCH_TIME
MD number Tolerance time for SGE changeover
Default value: 0.5 Min. input limit: 0.0 Max. input limit: 10.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: SGE changeover operations do not take effect simultaneously owing to variations in run
times (propagation times) for SGE data transmission in the two monitoring channels.
A crosswise data comparison would, in this case, output an error message.
This data is used to specify the period of time after SGE changeover operations during
which no crosswise comparison of actual values and monitoring results is carried out
(machine data is still compared!). The selected monitoring functions continue to operate
unhindered in both monitoring channels.
A safety--related function is immediately activated in a monitoring channel if selection or
changeover is detected in this channel.
The different run time (propagation time) is mainly caused by the PLC cycle time.
System--related minimum tolerance time 2 x PLC cycle time (maximum cycle) + 1 x IPO
cycle time.
The variations in the run times in the external circuitry (e.g. relay operating times) must also
be taken into account.

Special cases, errors,...

Additional references See Chapter 7.1: ”Safety--relevant input/output signals (SGE/SGA)”

36951 $MA_SAFE_VELO_SWITCH_DELAY
MD number Delay time, speed changeover
Default value: 0.1 Min. input limit: 0.0 Max. input limit: 600.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: A timer with this value is started when changing from a higher to a lower safely reduced
speed -- or when a safe operating stop is selected when the safely reduced speed function
is active.
While the timer is running, the speed continues to be monitored against the last selected
speed limit value. During this period, the axis/spindle can be braked, for example, from the
PLC user program, without the monitoring function signaling an error and initiating a stop
response.
Special cases, errors,... 1. The timer is immediately interrupted as soon as a higher or identical SG limit (i.e. to
that which was previously active) is selected.
2. The timer is immediately interrupted if ”non--safe operation” (SGE ”deselect SBH/
SG=1) is selected.
3. The timer is re--triggered (restarted) if, while the timer is running, a changeover is made
to a lower SG limit than was previously active or to SBH.
corresponds with ...

© Siemens AG 2015 All Rights Reserved

8-404 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36952 $MA_SAFE_STOP_SWITCH_TIME_C
MD number Transition time, STOP C to safe standstill
Default value: 0.1 Min. input limit: 0.0 Max. input limit: 600.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: This machine data defines the time period between the initiation of a STOP C and the
activation of a safe operating stop.
The parameterized value must be selected as low as possible.
After the time has expired, the drive is monitored for a safe operating stop. If the axis/
spindle was still not able to be stopped, STOP B is initiated.
corresponds with ...

36953 $MA_SAFE_STOP_SWITCH_TIME_D
MD number Transition time, STOP D to safe standstill
Default value: 0.1 Min. input limit: 0.0 Max. input limit: 600.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: This machine data defines the time period between the initiation of a STOP D and the
activation of a safe operating stop.
The parameterized value must be selected as low as possible.
After the time has expired, the drive is monitored for a safe operating stop. If the axis/
spindle was still not able to be stopped, STOP B is initiated.
corresponds with ...

36954 $MA_SAFE_STOP_SWITCH_TIME_E
MD number Transition time, STOP E to safe standstill
Default value: 0.1 Min. input limit: 0 Max. input limit: 600.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: This data defines the time period between the initiation of a STOP E and the activation of a
safe operating stop.
The parameterized value must be selected as low as possible.
After the time has expired, the drive is monitored for a safe operating stop. If the axis/
spindle was still not able to be stopped, STOP B is initiated.
Special cases, errors,...
corresponds with ...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-405
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36955 $MA_SAFE_STOP_SWITCH_TIME_F
MD number Transition time STOP F to STOP B
Default value: 0.0 Min. input limit: 0.0 Max. input limit: 600.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: Time after which, for a STOP F with active monitoring functions, a change is made to STOP
B.
The parameterized value must be selected as low as possible.
During this time, e.g., another braking response can be activated using synchronous
actions.
The changeover is also made if a STOP C/D/E occurs during this time.
Special cases, errors,...
corresponds with ...

36956 $MA_SAFE_PULSE_DISABLE_DELAY
MD number Delay time, pulse cancellation
Default value: 0.1 Min. input limit: 0.0 Max. input limit: 600.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: For a STOP B, the axis is braked with speed setpoint 0 (or OFF3 ramp). After the delay
time defined in this data, the braking mode changes to STOP A for pulse cancellation.
The parameterized value must be selected as low as possible.
Special cases, errors,... The pulses are cancelled earlier than defined in this machine data if the condition for the
pulse cancellation is present via MD36960: $MA_SAFE_STANDSTILL_VELO_TOL or via
MD36620: $MA_SERVO_DISABLE_DELAY_TIME.
If the timer in this machine data is set to zero, then an immediate transition is made from
STOP B to a STOP A (immediate pulse cancellation).
corresponds with ... MD36960 $MA_SAFE_STANDSTILL_VELO_TOL
MD36620 $MA_SERVO_DISABLE_DELAY_TIME
MD36060 $MA_STANDSTILL_VELO_TOL

36957 $MA_SAFE_PULSE_DIS_CHECK_TIME
MD number Time to check pulse cancellation
Default value: 0.1 Min. input limit: 0.0 Max. input limit: 10.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: This machine data specifies the time when, after pulse cancellation has been requested,
the pulses must be actually cancelled.
The time that elapses between deleting the SGA ”enable pulses” and detecting the SGE
”pulses cancelled status” may not exceed the time limit set in this data.
Note:
If this time is exceeded, a STOP A is initiated.
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

8-406 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT
MD number Time limit for the acceptance test duration
Default value: 40.0 Min. input limit: 5 Max. input limit: 100
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: On the NCK side, a time limit can be entered for the duration of an acceptance test. If an
acceptance test takes longer than the time specified in this MD, then the NCK terminates
the test.
The acceptance test status is set to zero on the NCK side. If the acceptance test has been
reset, then on the NCK and drive sides, SI power on alarms are again changed over from
being able to be acknowledged with a reset to being able to be acknowledged with power
on.
NCK clears Alarm 27007 and the drive clears message C01799.
This MD is also used to limit the duration of an acceptance test SE (safe limit positions).
After the parameterized time has expired, acceptance test SE is canceled and Alarm 27008
cleared. The software limit positions are then again effective -- the same as they are
entered in the machine data.
corresponds with ...

36960 $MA_SAFE_STANDSTILL_VELO_TOL
MD number Shutdown speed, pulse cancellation
Default value: 0. for mm/min, inch/min Min. input limit: 0. Max. input limit: 1000.
Default value: 0. for rpm Min. input limit: 0. Max. input limit: 1000.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/min, inch/min,
rev/min
Data type: DOUBLE
Meaning: When the axis/spindle speed drops below this limit, it is considered to be at a ”standstill”. In
the STOP B mode the pulses are then cancelled (as a result of the transition to STOP A).
corresponds with ... MD36956 $MA_SAFE_PULSE_DISABLE_DELAY

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-407
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36961 $MA_SAFE_VELO_STOP_MODE
MD number Stop response, safely reduced speed
Default value: 5 Min. input limit: 0 Max. input limit: 14
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: The stop response programmed in this machine data is initiated if a limit value for safely
reduced speed 1, 2, 3 or 4 is exceeded.
= 0, 1, 2, 3 correspond to STOP A, B, C, D -- common for each SG level
= 5 means that the stop response can be configured for specific SGs in MD36963
$MA_SAFE_VELO_STOP_REACTION 36963.
The ones position defines the selection of the stop response when the safely reduced
speed is exceeded.
The tens position defines the behavior when the communication fails if a time greater than 0
was parameterized in MD10089 $MN_SAFE_PULSE_DIS_TIME_BUSFAIL.
0: Stop A
1: Stop B
2: Stop C
3: Stop D
4: Stop E
5:
MD36961 $MA_SAFE_VELO_STOP_MODE invalid, stop response is parameterized using
MD36963 SAFE_VELO_STOP_REACTION
10:
Stop A, in addition when the communication fails to the drive and SG is active, the pulses
are not immediately cancelled
11:
Stop B, in addition when the communication fails to the drive and SG is active, the pulses
are not immediately cancelled
12:
Stop C, in addition when the communication fails to the drive and SG is active, the pulses
are not immediately cancelled
13:
Stop D, in addition when the communication fails to the drive and SG is active, the pulses
are not immediately cancelled
14:
Stop E, in addition when the communication fails to the drive and SG is active, the pulses
are not immediately cancelled
Special cases, errors,... For a value of 5 in this MD, the stop response for each SG stage is selectively defined
MD36963 $MA_SAFE_VELO_STOP_REACTION.
corresponds with ... MD36931 $MA_SAFE_VELO_LIMIT[n]
MD36963 $MA_SAFE_VELO_STOP_REACTION[n]

36962 $MA_SAFE_POS_STOP_MODE
MD number Stop response, safe limit position
Default value: 2 Min. input limit: 2 Max. input limit: 4
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: When passing a safe limit position 1 or 2, then the stop response specified in this machine
data is initiated.
2: STOP C
3: STOP D
4: STOP E
corresponds with ... MD36934 $MA_SAFE_POS_LIMIT_PLUS[n]
MD36935 $MA_SAFE_POS_LIMIT_MINUS[n]

© Siemens AG 2015 All Rights Reserved

8-408 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36963 $MA_SAFE_VELO_STOP_REACTION[0...3]
MD number Stop response, safely reduced speed
Default value: 2 Min. input limit: 0 Max. input limit: 14
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: The stop response programmed in this machine data is initiated if a limit value for safely
reduced speed 1, 2, 3 or 4 is exceeded.
n = 0, 1, 2, 3 stands for SG1, SG2, SG3, SG4
The ones position defines the SG--specific selection of the stop response when the safely
reduced speed is exceeded.
The tens position defines the behavior when the communication to the drive fails on an
SG--specific basis if a time greater than 0 was parameterized in MD10089
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL.
Value means:
0: Stop A
1: Stop B
2: Stop C
3: Stop D
4: Stop E
10:
Stop A, in addition when the communication fails to the drive, the pulses are not immedia-
tely cancelled if this SG stage active
11:
Stop B, in addition when the communication fails to the drive, the pulses are not immedia-
tely cancelled if this SG stage active
12:
Stop C, in addition when the communication fails to the drive, the pulses are not immedia-
tely cancelled if this SG stage active
13:
Stop D, in addition when the communication fails to the drive, the pulses are not immedia-
tely cancelled if this SG stage active
14:
Stop E, in addition when the communication fails to the drive, the pulses are not immedia-
tely cancelled if this SG stage active
Note:
This MD is only active if MD36961 $MA_SAFE_VELO_STOP_MODE and drive parameter
p9561 have the value 5.
Special cases, errors,...
corresponds with ... MD10089 $MA_SAFE_PULSE_DIS_TIME_BUSFAIL
MD36961 $MA_SAFE_VELO_STOP_MODE

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-409
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36964 $MA_SAFE_IPO_STOP_GROUP
MD number Grouping, safety IPO response
Default value: 0 Min. input limit: 0 Max. input limit: 1
Change becomes effective after: RESET Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: This MD is only effective for Safety Integrated axes/spindles.
It influences the channel--wide IPO response distribution of Safety Integrated.
0 = default:
All other axes/spindles in the channel are notified of the IPO stop response of this axis.
1=
For internal stops, the axes and machining spindles, interpolating with the axis involved, are
also additionally influenced via the initiated safety alarms. On the other hand, other axes/
spindles in the channel continue to operate without any disturbance.
For external stops (without alarm) all of the other axes/spindles remain unaffected by the
safety axis/spindle stop. This allows, for example, the pulses of the spindle to be safely
cancelled (using an external Stop A). This means that the spindle can be manually rotated
and the axes can still be safely monitored while it is moving.
If, in some machining situations, the other axes/spindles should stop together with the
safety axis/spindle, then the user is responsible in implementing this using PLC or
synchronous action logic combinations.

corresponds with ...

36965 $MA_SAFE_PARK_ALARM_SUPPRESS
MD number Alarm suppression for parking axis
Default value: FALSE Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BOOLEAN
Meaning: This MD is only effective for Safety Integrated axes/spindles.
0: Default setting:
Alarms 27000/A01797 are displayed when selecting parking.
1:
Alarms 27000/A01797 are not displayed when selecting parking. This is necessary for axes
that are disconnected from one another on the encoder side during the machining process
(e.g. dressing axes). Alarms are displayed when parking operation is subsequently
deselected.
corresponds with ...

© Siemens AG 2015 All Rights Reserved

8-410 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36966 $MA_SAFE_BRAKETEST_TORQUE
MD number Holding torque, brake test (NC--controlled)
Default value: 5.0 Min. input limit: 0.0 Max. input limit: 800.0
Change becomes effective after: POWER ON Protection level: 7/2 Unit:%
Data type: DOUBLE
Meaning: This MD specifies the torque or force when testing the mechanical brake system. This
torque or this force is generated during the test against the closed brake and it is not
permissible that the axis moves.
The percentage value entered here refers to drive parameter p2003 of the axis.
The following supplementary conditions apply:
When selecting the brake test (i.e. with the brake open), if the actual torque is more than
85 % of the test torque, the brake test is interrupted with Alarm 20095. This therefore
ensures that the motor can hold the axis even if the brake is defective.
If the brake test is performed using drive parameter p1532 (MD36968 $MA_SAFE_BRAKE-
TEST_CONTROL bit 0 = 0), the required safety margin is increased by twice the difference
between the actual holding torque and the value in parameter p1532.
Enables the corresponding test function via MD37000 $MA_FIXED_STOP_MODE, bit 1.
corresponds with ... MD36969 $MA_SAFE_BRAKETEST_TORQUE_NORM
Additional references See Chapter 7.6: ”Safe brake test (SBT)”

36967 $MA_SAFE_BRAKETEST_POS_TOL
MD number Position tolerance brake test (NC--controlled)
Default value: 1.0 Min. input limit: 0.0 Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/degr.
Data type: DOUBLE
Meaning: Maximum position tolerance when testing the mechanical brake system.
If the axis position deviates from the position by more than this tolerance, when the brake
test is selected, then the brake test is aborted.
Enables the corresponding test function via MD37000 $MA_FIXED_STOP_MODE, bit 1.
corresponds with ...
Additional references /FBSIsl/ see Chapter 7.6: ”Safe brake test (SBT)”

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-411
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36968 $MA_SAFE_BRAKETEST_CONTROL
MD number Extended settings for the brake test
Default value: 0 Min. input limit: 0 Max. input limit: 3
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Extended settings for the NC--controlled brake test.
Bit 0: Select the average value for the torque limiting
Bit 0 = 0:
Drive parameter p1532 is used as the average value of the torque limiting.
Bit 0 = 1:
The measured torque at the instant in time that the brake test is selected is used as the
average value of the torque limit.
Bit 1: Criterion for reaching the torque limit in the PLC
Bit 1 = 0: The torque limit value must be reached during the programed travel distance.
Bit 1 = 1: The torque limit value must be reached during the programmed time (PLC).
corresponds with ...
Additional references See Chapter 7.6: ”Safe brake test (SBT)”

36969 $MA_SAFE_BRAKETEST_TORQUE_NORM
MD number Reference quantity for the holding torque, brake test
Default value: 0.0 Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/0 Unit: Nm
Data type: DOUBLE
Meaning: Setting the reference quantity for torques.
All of the torques specified as relative value refer to this reference quantity.
This MD involves an image of drive parameter p2003.
corresponds with ...
Additional references

Description of the parameterization of the SGE machine data MD36970 to

MD36978 and MD37901 to 37909
This machine data involves eight--digit hexadecimal numbers, where each digit has
a different significance that is now explained:
Coding of the input assignment is mm xx nn 4.

Permissible Explanation
values
i: Inversion 0, 8 0: No inversion
8: Inversion before processing
s: SPL interface 0, 4 4: Assignment to SPL inter-
face

© Siemens AG 2015 All Rights Reserved

8-412 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

mm: SPL interface 01--02H 01: Addressing the internal

SPL interface $A_OUTSI
02: Addressing the external
SPL interface $A_INSE
xx: System variable word index 01--06H Index of the system variable
word
nn: Number of the system 01--20H Number in the system variable
variable bit word

-- Input value of 0 means: there is no assignment, the input remains fixed at 0.

-- Input value of 80 00 00 00 means: there is no assignment, the input remains
fixed at 1.
-- Several input signals can be parameterized at the same system variable.

Note
The maximum input value for all axis--specific NCK--SGE configuring machine
data is 84020620.
An incorrect entry will be detected the next time the system boots and flagged
using Alarm 27033.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-413
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36970 $MA_SAFE_SVSS_DISABLE_INPUT
MD number Input assignment, SBH/SG deselection
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data defines the NCK input to select/deselect the SBH and SG functions
Structure: Coding of the input assignment, see Page 8-412
Structure: Signal means
= 0, SG or SBH is selected
= 1, SG and SBH are deselected
Special cases, errors,... S Input value of 0 means: There is no assignment, the input remains fixed at 0, SG and
SBH cannot be deselected
S Input value of 80 00 00 00 means: There is no assignment, the input remains fixed at 1
S Several input signals can be parameterized at the same system variable.
corresponds with ...
References:

36971 $MA_SAFE_SS_DISABLE_INPUT
MD number Input assignment, SBH deselection
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Assignment of the NCK input to de--select the safe operating stop function.
Structure: Coding of the input assignment, see Page 8-412
Input assignment to the safe functions if safely reduced speed or safe operating stop has
been activated.
Signal means
= 0, safe operating stop is selected
= 1, safe operating stop is deselected (only if STOP C, D or E has not been activated by
other functions)
Special cases, errors,... S This input is of no significance if SG and SBH have been deselected (refer to MD36970
$MA_SAFE_SVSS_DISABLE_INPUT).
corresponds with ...

© Siemens AG 2015 All Rights Reserved

8-414 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36972 $MA_SAFE_VELO_SELECT_INPUT[0...1]
MD number Input assignment, SG selection
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data defines the two inputs to select SG1, SG2, SG3 or SG4.
Structure: Coding of the input assignment, see Page 8-412
n = 1, 0 stand for bit 1, 0 to select from SG1 to SG4
Assignment of the input bits to the safely reduced speeds:
Bit 1 bit 0 selected SG
0 0 SG1
0 1 SG2
1 0 SG3
1 1 SG4
Special cases, errors,...
corresponds with ...

36973 $MA_SAFE_POS_SELECT_INPUT
MD number Input assignment, SE selection
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data defines the input to select the safe limit position 1 or 2.
Structure: Coding of the input assignment, see Page 8-412
Signal means
= 0, SE1 is active
= 1, SE2 is active
Special cases, errors,...
corresponds with ...

36974 $MA_SAFE_GEAR_SELECT_INPUT[0...2]
MD number Input assignment, gearbox ratio selection
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Input assignment for selecting the gear ratio (gearbox stage).
Structure: Coding of the input assignment, see Page 8-412
n = 2, 1, 0 stands for bits 2, 1, 0 to select gearbox stages 1 to 8
Bit 2 Bit 1 Bit 0 active gearbox stage
0 0 0 stage 1
0 0 1 stage 2
0 1 0 stage 3
... ... ... ...
1 1 1 stage 8
Special cases, errors,...
corresponds with ...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-415
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36977 $MA_SAFE_EXT_STOP_INPUT[0...3]
MD number Input assignment, external brake request
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This data defines the NCK inputs to select/deselect the external brake requests.
Structure: Coding of the input assignment, see Page 8-412
n = 0, 1, 2, 3 stands for various braking types
n = 0: Assignment for ”deselect external STOP A” (SH, pulse cancellation)
n = 1: Assignment for ”deselect external STOP C” (braking at the current limit/OFF3 ramp)
n = 2: Assignment for ”deselect external STOP D” (braking along a path)
n = 3: Assignment for ”deselect external STOP E” (ESR, braking along a path)
Special cases, errors,... The signal ”deselect external STOP A” can not be parameterized inverted. In the case of an
error, a parameterizing error is signaled
corresponds with ...
Additional references

36978 $MA_SAFE_OVR_INPUT[0...3]
MD number Input assignment, SG override
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Assigns the NCK inputs for the correction of the limit value of the safely reduced speeds 2
and 4.
Structure: Coding of the input assignment, see Page 8-412
n = 3, 2, 1, 0 stand for correction selection bits 3, 2, 1, 0
Assigns the input bits to the SG correction values:
Bit 3 Bit 2 Bit 1 Bit 0
0 0 0 0 correction 0 is selected
0 0 0 1 correction 1 is selected
Up to
1 1 1 1 correction 15 is selected
The correction factor itself (percentage) is defined using the following machine data:
MD36932 $MA_SAFE_VELO_OVR_FACTOR[n]
Note:
-- The function ”correction, safely reduced speed” is enabled using MD36901
$MA_SAFE_FUNCTION_ENABLE bit 5.
Special cases, errors,...
corresponds with ... MD36932 $MA_SAFE_VELO_OVR_FACTOR[n]
Additional references See Chapter 6.5.4: ”Override for safely reduced speed”

© Siemens AG 2015 All Rights Reserved

8-416 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

Description of the parameterization of the SGA machine data MD36980 to

MD36990 and MD37901 to 37909
This machine data involves eight--digit hexadecimal numbers, where each digit has
a different significance that is now explained:
Coding of the output assignment is mm xx nn 5.

Permissible Explanation
values
i: Inversion 0, 8 0: No inversion
8: Inversion before output
s: SPL assignment 0, 4 4: Assignment to SPL inter-
face

mm: SPL interface 01H 01: Addressing the internal

SPL interface $A_INSI
xx: System variable word index 01--06H Number of the system variable
word
nn: Number of the system 01--20H Bit number in the system
variable bit variable word

-- Input value of 0 means: there is no assignment, the output remains unaffec-

ted.
-- Input value of 80 00 00 00 means: there is no assignment, the output
remains fixed at 1.
-- If a single output signal is connected to a system variable, the following
applies: If MD bit 31 is set, then the signal is processed inverted.
-- If several output signals are connected to the same system variable, the
following applies: If MD bit 31 is set, then the relevant signal is initially inver-
ted. The (in some cases inverted) output signals are then AND’ed and the
result is entered in the system variable.

Note
The maximum input value for all axis--specific NCK_SGA configuring machine
data is 84010620.
An incorrect entry will be detected the next time the system boots and flagged
using Alarm 27033.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-417
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36980 $MA_SAFE_SVSS_STATUS_OUTPUT
MD number Output assignment, SBH/SG active
Default value: 0 Min. input limit: -- Max. input limit: 84010620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Assigns the output to signal the status of the functions safely reduced speed and safe
operating stop.
Structure: Coding of the output assignment, see Page 8-417
Signal means:
= 0, SG and SBH are not active
= 1, SG or SBH is active
Special cases, errors,... -- Input value of 0 means: There is no assignment, the output remains unaffected
-- Input value of 80 00 00 00 means: There is no assignment, the output remains fixed at
1
-- If a single output signal is parameterized to a system variable, the following applies: If
MD bit 31 is set, then the signal is processed inverted.
-- If several output signals are connected to the same system variable, the following
applies:
-- If MD bit 31 is set, then the relevant signal is initially inverted. The (in some cases
inverted) output signals are then AND’ed and the result is visible in the system variable.
corresponds with ...
Additional references

36981 $MA_SAFE_SS_STATUS_OUTPUT
MD number Output assignment for SBH active
Default value: 0 Min. input limit: -- Max. input limit: 84010620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data defines the output or the system variable for the ”SBH active” signal.
Structure: Coding of the output assignment, see Page 8-417
Signal means
= 0, SBH is not active
= 1, SBH is active
Special cases, errors,...
Additional references

© Siemens AG 2015 All Rights Reserved

8-418 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36982 $MA_SAFE_VELO_STATUS_OUTPUT[0...1]
MD number Output assignment active SG selection
Default value: 0 Min. input limit: -- Max. input limit: 84010620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data defines the outputs or the system variables for the signals ”SG active bit
0” and ”SG active bit 1”.
Structure: Coding of the output assignment, see Page 8-417
n = 1, 0 stands for SG active bit 1, 0
Bit 1 Bit 0 means:
=0 =0 SG1 active, if SBH/SG is active and SBH is not active
SBH active, if SBH/SG active and SBH is active
=1 =0 SG2 active
=0 =1 SG3 active
=1 =1 SG4 active
Special cases, errors,...
Additional references

36985 $MA_SAFE_VELO_X_STATUS_OUTPUT
MD number Output assignment n < nx
Default value: 0 Min. input limit: -- Max. input limit: 84010620
Change becomes effective after: POWER ON Protection level: 7/2 Unit:
Data type: DWORD
Meaning: This machine data defines the output or the system variable for the signal ”n < nx”.
Structure: Coding of the output assignment, see Page 8-417
Signal means
= 0, actual speed is higher than the limit speed in MD36946 $MA_SAFE_VELO_X
= 1, actual speed is lower or equal to the limit speed
Special cases, errors,...
corresponds with ... MD36946: $MA_SAFE_VELO_X
Additional references

36987 $MA_SAFE_REFP_STATUS_OUTPUT
MD number Output assignment, axis safely referenced
Default value: 0 Min. input limit: 0 Max. input limit: 84010620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the output for the ”axis safely referenced” signal.
Structure: Coding of the output assignment, see Page 8-417
Signal
=0
Axis is not safely referenced (i.e. the safety--relevant end position monitoring is inactive!)
=1
Axis is safely referenced
Special cases, errors,...
Additional references

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-419
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36988 $MA_SAFE_CAM_PLUS_OUTPUT[0...3]
MD number Output assignment, SN1+ to SN4+
Default value: 0, 0, 0, 0 Min. input limit: -- Max. input limit: 84010620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam signals SN1+ to SN4+.
n = 0, 1, 2, 3 stands for the assignment of plus cams SN1+, SN2+, SN3+, SN4+
Structure: Coding of the output assignment, see Page 8-417
Signal means
=0
Axis is located to the left of the cam (actual value < cam position)
=1
Axis is located to the right of the cam (actual value > cam position)
Special cases, errors,... If a cam is negated and applied to an output with an additional cam and the signals are
AND’ed, then this results in a single cam signal for area sensing purposes.
Additional references

36989 $MA_SAFE_CAM_MINUS_OUTPUT[0...3]
MD number Output assignment, SN1-- to SN4--
Default value: 0 Min. input limit: -- Max. input limit: 84010620
Change becomes effective after: POWER ON Protection level: 7/2 Unit:
Data type: DWORD
Meaning: This machine data defines the outputs for the minus cams SN1-- to SN4--.
= 0, 1, 2, 3 corresponds to the assignment for minus cams SN1--, SN2--, SN3--, SN4--
Structure: Coding of the output assignment, see Page 8-417
Signal means
=0
Axis is located to the left of the cam (actual value < cam position)
=1
Axis is located to the right of the cam (actual value > cam position)
Special cases, errors,... If a cam is negated and applied to an output with an additional cam and the signals are
AND’ed, then this results in a single cam signal for area sensing purposes.
Additional references

36990 $MA_SAFE_ ACT_STOP_OUTPUT[0...3]

MD number Output assignment of the active stop
Default value: 0 Min. input limit: -- Max. input limit: 84010620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: Assignment of the output signals to display the stops that are presently active.
Structure: Coding of the output assignment, see Page 8-417
Index = 0: Assignment for ”STOP A/B is active”
Index = 1: Assignment for ”STOP C is active”
Index = 2: Assignment for ”STOP D is active”
Index = 3: Assignment for ”STOP E is active”
Special cases, errors,...
corresponds with ...

© Siemens AG 2015 All Rights Reserved

8-420 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36992 $MA_SAFE_CROSSCHECK_CYCLE
MD number Displays axis--specific crosswise comparison clock cycle
Default value: 0.0 Min. input limit: Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/-- Unit: s
Data type: DOUBLE
Meaning: Display data
Effective axis--specific comparison clock cycle in seconds.
The clock cycle is obtained from MD10091 $MN_INFO_SAFETY_CYCLE_TIME and the
number of data to be compared crosswise.
Special cases, errors,...

36993 $MA_SAFE_CONFIG_CHANGE_DATE[0...6]
MD number Date/time of the last change SI axis MD
Default value: -- Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/-- Unit: --
Data type: STRING
Meaning: Display data:
Date and time of the last configuration change of safety--related NCK axis machine data.
Changes made to the machine data that are calculated into the axis--specific checksums
MD36998 $MA_SAFE_ACT_CHECKSUM[] are recorded.
Special cases, errors,...

36994 $MA_SAFE_PREV_CONFIG[0...8]
MD number Data, previous safety axis configuration
Default value: 0H Min. input limit: 0H Max. input limit: FFFFFFFFH
Change becomes effective after: POWER ON Protection level: Siemens Unit: --
Data type: DWORD
Meaning: Buffer memory to save previous safety configuration data
Index[0]: Status flag bit of the change history
Index[1]: Previous value, function enable
Index[2]: previous value reference checksum MD36999 $MA_SAFE_DES_CHECKSUM[0]
Index[3]: Last value, function enable before loading standard data
Index[4]: last value reference checksum MD36999SAFE_DES_CHECKSUM[0] before
loading standard data
Index[5]: previous value reference checksum MD36999SAFE_DES_CHECKSUM[1]
Index[6]: last value reference checksum MD36999SAFE_DES_CHECKSUM[1] before
loading standard data
Index[7]: previous value reference checksum MD36999SAFE_DES_CHECKSUM[2]
Index[8]: last value reference checksum MD36999SAFE_DES_CHECKSUM[2] before
loading standard data
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-421
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

36995 $MA_SAFE_STANDSTILL_POS
MD number Standstill position
Default value: 0 Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 0/0 Unit: --
Data type: DWORD
Meaning: The position at which the axis has currently stopped is displayed in this MD.
To be able to perform a plausibility check on the axis referencing when the control system
is powered--up the next time, the current axis position is permanently saved (in a non--vola-
tile fashion) when the following events take place:
-- When safe operating stop (SBH) is selected
-- Cyclically when SE/SN is active
Special cases, errors,... Any manual changes to the MD are detected the next time that the control is powered--up
(plausibility check). A new user agreement is required after referencing.

36997 $MA_SAFE_ACKN
MD number User agreement
Default value: 0 Min. input limit: -- Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: The status of the user agreement is displayed in this machine data.
The user can confirm or cancel his ”user agreement” using an appropriate screen.
If it is internally detected in the software that the reference to the machine has been lost,
then it is automatically cancelled (e.g. when changing over gear ratios or when referencing,
the plausibility check when comparing with the saved stop position fails).
Special cases, errors,... Any manual changes to the MD are detected the next time that the control is powered--up
(plausibility check). A new user agreement is required after referencing.

36998 $MA_SAFE_ACT_CHECKSUM[0,1,2]
MD number Actual checksum
Default value: 0H Min. input limit: 0H Max. input limit: FFFFFFFFH
Change becomes effective after: POWER ON Protection level: 7/0 Unit: --
Data type: DWORD
Meaning: The actual checksum – calculated after power on or a reset – over the actual values of
safety--related machine data is entered here.
Assignment of the field indices:
Index 0: axis--specific monitoring functions
Index 1: HW component IDs
Index 2: Drive assignment

© Siemens AG 2015 All Rights Reserved

8-422 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

36999 $MA_SAFE_DES_CHECKSUM[0,1,2]
MD number Reference checksum
Default value: 0H Min. input limit: 0H Max. input limit: FFFFFFFFH
Change becomes effective after: POWER ON Protection level: 7/1 Unit: --
Data type: DWORD
Meaning: This machine data contains the reference checksum over the actual values of safety--
related machine data that was saved during the last machine acceptance test.
Assignment of the field indices:
Index 0: axis--specific monitoring functions
Index 1: HW component IDs
Index 2: Drive assignment

37000 $MA_FIXED_STOP_MODE
MD number Travel to fixed stop mode
Default value: 0 Min. input limit: 0 Max. input limit: 3
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: Activation of subfunction ”Travel to fixed stop”
Bit 0: Reserved
Bit 1: Enables the safe brake test
= 0: Safe brake test not available
= 1: Safe brake test can be performed, controlled from the PLC.
Note: The user must ensure that travel to fixed stop and safe brake test are not
simultaneously entered.

37900 $MA_SAFE_CAM_TRACK_OUTPUT[0...3]
MD number Output assignment cam tracks 1 to 4
Default value: 0H Min. input limit: 0H Max. input limit: --
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for cam tracks 1 to 4.
n = 0, 1, 2, 3 corresponds to the assignment for cam tracks 1 to 4
Structure: see coding of the output assignment, see Page 8-417
Signal means
= 0 axis is not at a cam of the cam track
= 1, axis is located on a cam of the cam track
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-423
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

37901 $MA_SAFE_CAM_RANGE_OUTPUT_1[0...3]
MD number Output assignment, cam range for cam track 1
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam range of cam track 1.
Structure: see coding of the output assignment, see Page 8-417
n = 0, 1, 2, 3 corresponds to the 4 bits to specify the range on cam track 1
Bit 3 Bit 2 Bit 1 Bit 0
0 0 0 0 cam range 0 is active
0 0 0 1 cam range 1 is active
up to ...
1 1 1 1 cam range 15 is active
The cam range is defined using the following machine data:
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n]
Signal means
= 0...14, axis is located in the range of the cam that was assigned to range ID 0...14 on
cam track 1.
= 15 axis is located in the range to the right of the outermost cam of cam track 1
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
If not all of the 4 bits are assigned, then under certain circumstances, it cannot be uniquely
and clearly identified as to which cam range is active.
Special cases, errors,...
corresponds with ... MD37900 $MA_SAFE_CAM_TRACK_OUTPUT

37902 $MA_SAFE_CAM_RANGE_OUTPUT_2[0...3]
MD number Output assignment, cam range for cam track 2
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam range of cam track 2.
Structure: see coding of the output assignment, see Page 8-417
n = 0, 1, 2, 3 corresponds to the 4 bits to specify the range on cam track 2
Bit 3 Bit 2 Bit 1 Bit 0
0 0 0 0 cam range 0 is active
0 0 0 1 cam range 1 is active
up to ...
1 1 1 1 cam range 15 is active
The cam range is defined using the following machine data:
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n]
Signal means
= 0...14, axis is located in the range of the cam that was assigned to range ID 0...14 on
cam track 2.
= 15 axis is located in the range to the right of the outermost cam of cam track 2
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
If not all of the 4 bits are assigned, then under certain circumstances, it cannot be uniquely
and clearly identified as to which cam range is active.
Special cases, errors,...
corresponds with ... MD37900 $MA_SAFE_CAM_TRACK_OUTPUT

© Siemens AG 2015 All Rights Reserved

8-424 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

37903 $MA_SAFE_CAM_RANGE_OUTPUT_3[0...3]
MD number Output assignment, cam range for cam track 3
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam range of cam track 3.
Structure: see coding of the output assignment, see Page 8-417
n = 0, 1, 2, 3 corresponds to the 4 bits to specify the range on cam track 3
Bit 3 Bit 2 Bit 1 Bit 0
0 0 0 0 cam range 0 is active
0 0 0 1 cam range 1 is active
up to ...
1 1 1 1 cam range 15 is active
The cam range is defined using the following machine data:
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n]
Signal means
= 0...14, axis is located in the range of the cam that was assigned to range ID 0...14 on
cam track 3.
= 15 axis is located in the range to the right of the outermost cam of cam track 3
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
If not all of the 4 bits are assigned, then under certain circumstances, it cannot be uniquely
and clearly identified as to which cam range is active.
Special cases, errors,...

corresponds with ... MD37900 $MA_SAFE_CAM_TRACK_OUTPUT

37904 $MA_SAFE_CAM_RANGE_OUTPUT_4[0...3]
MD number Output assignment, cam range for cam track 4
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam range of cam track 4.
Structure: see coding of the output assignment, see Page 8-417
n = 0, 1, 2, 3 corresponds to the 4 bits to specify the range on cam track 4
Bit 3 Bit 2 Bit 1 Bit 0
0 0 0 0 cam range 0 is active
0 0 0 1 cam range 1 is active
up to ...
1 1 1 1 cam range 15 is active
The cam range is defined using the following machine data:
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n]
Signal means
= 0...14, axis is located in the range of the cam that was assigned to range ID 0...14 on
cam track 4.
= 15 axis is located in the range to the right of the outermost cam of cam track 4
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
If not all of the 4 bits are assigned, then under certain circumstances, it cannot be uniquely
and clearly identified as to which cam range is active.
corresponds with ... MD37900 $MA_SAFE_CAM_TRACK_OUTPUT

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-425
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

37906 $MA_SAFE_CAM_RANGE_BIN_OUTPUT_1[0...14]
MD number Output assignment, cam range bit for cam track 1
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam range bits of cam track 1.
Structure: see coding of the output assignment, see Page 8-417
Field index n corresponds to the parameterizable cam range numbers on cam track 1.
The cam range number is defined using the following machine data:
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[0...29]
Signal means
= 0, axis is not located on the cam with cam range number n
= 1, axis is located on the cam with cam range number n
Example:
The signal that is addressed using field index 5 goes to 1 if the axis is located at the cam
that is assigned to cam track 1 by parameterizing the cam range number 5.
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
If the cam range number n is not parameterized on cam track 1 then the signal of field index
n can never go to 1. The output MD with field index n must in this case not be para-
meterized.
Special cases, errors,...

37907 $MA_SAFE_CAM_RANGE_BIN_OUTPUT_2[0...14]
MD number Output assignment, cam range bit for cam track 2
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam range bits of cam track 2.
Structure: see coding of the output assignment, see Page 8-417
Field index n corresponds to the parameterizable cam range numbers on cam track 2.
The cam range number is defined using the following machine data:
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[0...29]
Signal means
= 0, axis is not located on the cam with cam range number n
= 1, axis is located on the cam with cam range number n
Example:
The signal that is addressed using field index 5 goes to 1 if the axis is located at the cam
that is assigned to cam track 2 by parameterizing the cam range number 5.
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
If the cam range number n is not parameterized on cam track 2 then the signal of field index
n can never go to 1. The output MD with field index n must in this case not be para-
meterized.
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

8-426 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

37908 $MA_SAFE_CAM_RANGE_BIN_OUTPUT_3[0...14]
MD number Output assignment, cam range bit for cam track 3
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam range bits of cam track 3.
Structure: see coding of the output assignment, see Page 8-417
Field index n corresponds to the parameterizable cam range numbers on cam track 3.
The cam range number is defined using the following machine data:
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[0...29]
Signal means
= 0, axis is not located on the cam with cam range number n
= 1, axis is located on the cam with cam range number n
Example:
The signal that is addressed using field index 5 goes to 1 if the axis is located at the cam
that is assigned to cam track 3 by parameterizing the cam range number 5.
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
If the cam range number n is not parameterized on cam track 3 then the signal of field index
n can never go to 1. The output MD with field index n must in this case not be para-
meterized.
Special cases, errors,...

37909 $MA_SAFE_CAM_RANGE_BIN_OUTPUT_4[0...14]
MD number Output assignment, cam range bit for cam track 3
Default value: 0 Min. input limit: 0 Max. input limit: 84020620
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: This machine data specifies the outputs for the cam range bits of cam track 4.
Structure: see coding of the output assignment, see Page 8-417
Field index n corresponds to the parameterizable cam range numbers on cam track 4.
The cam range number is defined using the following machine data:
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[0...29]
Signal means
= 0, axis is not located on the cam with cam range number n
= 1, axis is located on the cam with cam range number n
Example:
The signal that is addressed using field index 5 goes to 1 if the axis is located at the cam
that is assigned to cam track 4 by parameterizing the cam range number 5.
Note:
The ”safe cam track” function is enabled using MD36903 $MA_SAFE_CAM_ENABLE.
If the cam range number n is not parameterized on cam track 4 then the signal of field index
n can never go to 1. The output MD with field index n must in this case not be para-
meterized.
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-427
Data Description 10/15
8.1 Machine data for SINUMERIK 840D sl

37920 $MA_SAFE_STANDSTILL_VELO_LIMIT
MD number Switchover speed SBH/SG
Default value: 0.0 for mm/min, inch/min Min. input limit: 0.0 Max. input limit: 1000.0
Default value: 0.0 for rpm Min. input limit: 0.0 Max. input limit: 1000.0
Change becomes effective after: POWER ON Protection level: 7/2 Unit: mm/min, inch/min,
rev/min
Data type: DOUBLE
Meaning: When the axis/spindle speed drops below this limit, it is considered to be at a ”standstill”.
A switch over to safe operating stop or to a lower velocity level is realized at the latest after
the time parameterized in MD37922 $MA_SAFE_STANDSTILL_DELAY expires. This
premature switchover is only realized if a velocity > 0.0 is parameterized in this MD.
corresponds with ... MD37922 $MA_SAFE_STANDSTILL_DELAY and drive parameter p9567/p9569
Special cases, errors,...

37922 $MA_SAFE_STANDSTILL_DELAY
MD number Delay time, switchover to SBH/SG
Default value: 0.1 Min. input limit: 0.0 Max. input limit: 10.
Change becomes effective after: POWER ON Protection level: 7/2 Unit: s
Data type: DOUBLE
Meaning: If, when transitioning to a safe operating stop or to a lower velocity level, standstill is identi-
fied (see MD37920 $MA_SAFE_STANDSTILL_VELO_LIMIT), then at the latest, after this
transition time SBH or the selected SG stage becomes active. In this case, transition times
from Stop C, D and E as well as from SG to SBH or from a higher to a lower SG level are
interrupted or replaced by this delay time.
corresponds with ... MD37920 $MA_SAFE_STANDSTILL_VELO_LIMIT and drive parameter p9567/p9569
Special cases, errors,...

37950 $MA_SAFE_INFO_ENABLE
MD number SIC/SCC and PROFIsafe enable
Default value: 0 Min. input limit: 0 Max. input limit: 3
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: DWORD
Meaning: MD to enable evaluation of the SIC/SCC telegram between the control system and drive
and to enable the transfer of the PROFIsafe telegram between F--PLC and drive.
Enables the evaluation of the Safety Contol Channel / Safety Info Channel (SCC/SIC).
Bit 0: For axes with NC safety functionality, only the drive--integrated brake test is
supported via SIC/SCC.
Bit 1: Enables PROFIsafe communication between F--PLC and drive
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

8-428 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.1 Machine data for SINUMERIK 840D sl

37952 $MA_PROFISAFE_MODULE_NR
MD number PROFIsafe module number
Default value: 1...31 Min. input limit: 1 Max. input limit: 31
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: Number to select a logical basis address from MD13372 $MN_SAFE_PS_DRIVE_
LOGIC_ADDR.
Special cases, errors,...

37954 $MA_SAFE_INFO_MODULE_NR
MD number SIC/SCC module number
Default value: 1...31 Min. input limit: 1 Max. input limit: 31
Change becomes effective after: POWER ON Protection level: 7/2 Unit: --
Data type: BYTE
Meaning: Number to select a logical basis address from MD13374 $MN_SAFE_INFO_DRIVE_
LOGIC_ADDR
Special cases, errors,...

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-429
Data Description 10/15
8.2 Parameters for SINAMICS S120

8.2 Parameters for SINAMICS S120

Note
Some safety parameters for the motion monitoring functions on the CU are
protected with access level 4 (manufacturer access) which means that as
standard, they are not visible in the expert list of the STARTER drive
commissioning tool. However, the access stage is reduced as a result of a
user--specific view for SINUMERIK 840D sl to 3 (expert access) so that the safety
parameters for the motion monitoring functions are visible on the HMI without
having to enter a password for the access stage.
This comment must be taken into account for all safety parameters for the motion
monitoring functions (name ”SI Motion...”) that are listed in the following Chapters:
There, standard access level 4 is sometimes specified, while in operation with
SINUMERIK 840D sl, access level 3 is actually effective.

The following parameters are available:

S Safety parameters for the Control Unit
S Safety parameters for the Motor Module

Parameter number
The parameter number consists of a leading ”p” or ”r”, followed by the parameter
number and the index (optional).
Examples of the representation in the parameter list:
S p... adjustable parameters (can be read and written to)
S r... visualization parameters (read--only)
S p0918 adjustable parameter 918
S p0099[0...3] adjustable parameter 99, indices 0 to 3
S p1001[0...n] adjustable parameter 1001, indices 0 to n (n = configurable)
S r0944 visualization parameter 944
Other examples of notation in the documentation:
S p1070[1] adjustable parameter 1070 index 1
S p2098[1].3 adjustable parameter 2098 index 1 bit 3
S r0945[2](3) visualization parameter 945, index 2 of drive object 3
S p0795.4 adjustable parameter 795 bit 4
S r2129.0...15 display parameter 2129 with bit field (maximum 16 bit)
The possible data types of parameter values are as follows:

I8 Integer8 8 bit integer number

I16 Integer16 16 bit integer number
I32 Integer32 32 bit integer number
U8 Unsigned8 8 bit without sign

© Siemens AG 2015 All Rights Reserved

8-430 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

U16SAF Unsigned16 16 bit without sign

E_ENC_
MEAS_S
TEPS_P
OS1
U32 Unsigned32 32 bit without sign
REAL32 REAL32 Floating--point number
(32 bits)

For a complete list of the parameters in the SINAMICS S120 drive system,
refer to:
Reference: /LH1/ SINAMICS S List Manual

8.2.1 Parameter overview

When copying, the parameters with grey background are not taken into considera-
tion. The machine manufacturer must manually enter this data.

Table 8-2 Parameters for SINAMICS S120

No. Designators for SINAMICS S120 Check- Equivalent MD for 840D sl

sum

Name No. Name

p2003 Reference torque 36969 $MN_SAFE_BRAKETEST_TOR-
QUE_NORM
Parameters for motion monitoring
p9500 SI Motion monitoring clock cycle (Control 0 10090 $MN_SAFETY_SYSCLOCK_TIME_RA-
Unit) TIO
p9501 SI Motion enable safe functions (Control 0 36901 $MA_SAFE_FUNCTION_ENABLE
Unit)
p9502 SI Motion axis type (Control Unit) 0 36902 $MA_SAFE_IS_ROT_AX
p9503 SI Motion SCA (SN) enable (Control Unit) 0 36903 $MA_SAFE_CAM_ENABLE
p9505 SI Motion SCA (SN) enable (Control Unit) 0 36905 $MA_SAFE_MODULO_RANGE
p9513 SI Motion non--safety--related measuring 0 36913 $MA_SAFE_ENC_MEAS_STEPS_POS
steps POS1 (Control Unit). 1
p9514 SI Motion absolute encoder linear measuring 0 36914 $MA_SAFE_SINGLE_ENC
steps (Control Unit)
p9515 SI Motion coarse position value configuration 2 ---- ----
(CU)
p9516 SI Motion, motor encoder configuration, 1 36916 $MA_SAFE_ENC_IS_LINEAR
safety--related functions (CU)
p9517 SI Motion linear scale grid division (Control 1 36917 $MA_SAFE_ENC_GRID_POINT_DIST
Unit)
p9518 SI Motion encoder pulses per revolution 1 36918 $MA_SAFE_ENC_RESOL
(Control Unit)
p9519 SI Motion fine resolution G1_XIST1 (Control 1 36919 $MA_SAFE_ENC_PULSE_SHIFT
Unit)
p9520 SI Motion leadscrew pitch (Control Unit) 1 36920 $MA_SAFE_ENC_GEAR_PITCH

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-431
Data Description 10/15
8.2 Parameters for SINAMICS S120

Table 8-2 Parameters for SINAMICS S120, continued

Name No. Name

p9521 SI Motion gearbox encoder/load denominator 1 36921 $MA_SAFE_ENC_GEAR_DENOM[n]
(Control Unit)
p9522 SI Motion gearbox encoder/load numerator 1 36922 $MA_SAFE_ENC_GEAR_NUMERA[n]
(Control Unit)
p9523 SI Motion redundant coarse position value 2 ---- ----
valid bits (CU)
p9524 SI Motion fine resolution coarse position 2 ---- ----
value (Control Unit)
p9525 SI Motion redundant coarse position relevant 1 ---- ----
bits (Control Unit)
p9526 SI Motion encoder assignment control 1 ---- ----
(Control Unit)
r9527 SI Motion Sensor Module type 2nd channel ---- ----
(Control Unit)
r9529 SI Motion Gx_XIST1 coarse position safety 1 ---- ----
most significant bit (Control Unit)
p9530 SI Motion standstill tolerance (Control Unit) 0 36930 $MA_SAFE_STANDSTILL_TOL
p9531 SI Motion SLS (SG) limit values (Control 0 36931 $MA_SAFE_VELO_LIMIT[n]
Unit)
p9532 SI Motion SLS (SG) override factor (Control 0 36932 SAFE_VELO_OVR_FACTOR[n]
Unit)
p9534 SI Motion SLP (SE) upper limit values 0 36934 $MA_SAFE_POS_LIMIT_PLUS[n]
(Control Unit)
p9535 SI Motion SLP (SE) lower limit values 0 36935 $MA_SAFE_POS_LIMIT_MINUS[n]
(Control Unit)
p9536 SI Motion SCA (SN) plus cam position 0 36936 $MA_SAFE_CAM_POS_PLUS[n]
(Control Unit)
p9537 SI Motion SCA (SN) minus cam position 0 36937 $MA_SAFE_CAM_POS_MINUS[n]
p9538 SI Motion SCA (SN) cam track assignment 0 36938 $MA_SAFE_CAM_TRACK_ASSIGN
(Control Unit)
p9540 SI Motion SCA (SN) tolerance (Control Unit) 0 36940 $MA_SAFE_CAM_TOL
p9542 SI Motion actual value comparison tolerance 0 36942 $MA_SAFE_POS_TOL
(crosswise) (Control Unit)
p9544 SI Motion actual value comparison tolerance 0 36944 $MA_SAFE_REFP_POS_TOL
(referencing) (CU)
p9545 SI Motion SSM (SGA n < nx) filter time 0 36945 $MA_SAFE_VELO_X_FILTER_TIME
(Control Unit)
p9546 SI Motion SSM (SGA n < nx) speed limit n_x 0 36946 $MA_SAFE_VELO_X
(CU)
p9547 SI Motion SSM (SGA n < nx) speed 0 36947 $MA_SAFE_VELO_X_HYSTERESIS
hysteresis (CU)
p9548 SI Motion SBR actual speed tolerance 0 36948 $MA_SAFE_STOP_VELO_TOL
(Control Unit)
p9549 SI Motion slip velocity tolerance (Control 0 36949 $MA_SAFE_SLIP_VELO_TOL
Unit)
p9550 SI Motion SGE changeover tolerance time 0 36950 $MA_SAFE_MODE_SWITCH_TIME
(Control Unit)
p9551 SI Motion SGE changeover delay time 0 36951 $MA_SAFE_VELO_SWITCH_DELAY
(Control Unit)
p9552 SI Motion transition time STOP C to SOS 0 36952 $MA_SAFE_STOP_SWITCH_TIME_C
(SBH) (Control Unit)

© Siemens AG 2015 All Rights Reserved

8-432 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

Table 8-2 Parameters for SINAMICS S120, continued

Name No. Name

p9553 SI Motion transition time STOP D to SOS 0 36953 $MA_SAFE_STOP_SWITCH_TIME_D
(SBH) (Control Unit)
p9554 SI Motion transition time STOP E to SOS 0 36954 $MA_SAFE_STOP_SWITCH_TIME_E
(SBH) (Control Unit)
p9555 SI Motion transition time STOP F to STOP B 0 36955 $MA_SAFE_STOP_SWITCH_TIME_F
(Control Unit)
p9556 SI Motion pulse suppression delay time 0 36956 $MA_SAFE_PULSE_DISABLE_DELAY
(Control Unit)
p9557 SI Motion pulse cancellation checking time 0 36957 $MA_SAFE_PULSE_DIS_CHECK_TIM
(Control Unit) E
p9558 SI Motion acceptance test time limit (Control 0 36958 $MA_SAFE_ACCEPTANCE_TST_TI-
Unit) MEOUT
p9560 SI Motion pulse suppression shutdown 0 36960 $MA_SAFE_STANDSTILL_VELO_TOL
speed (Control Unit)
p9561 SI Motion SLS (SG) stop response (Control 0 36961 $MA_SAFE_VELO_STOP_MODE
Unit)
p9562 SI Motion SLP (SE) stop response (Control 0 36962 $MA_SAFE_POS_STOP_MODE
Unit)
p9563 SI Motion SLS(SG)--specific stop response 0 36963 $MA_SAFE_VELO_STOP_REAC-
(Control Unit) TION[n]
p9567 SI Motion switchover time to SOS

p9569 SI Motion transition to SOS after standstill

p9570 SI Motion acceptance test mode (Control corresponds to OPI variables for NCK
Unit)
p9571 SI Motion acceptance test status (Control corresponds to OPI variables for NCK
Unit)
r9590 SI Motion version safety motion monitoring ---- ----
(Control Unit)
Parameters for basic safety functions integrated in the drive
p9601 SI enable functions integrated in the drive ---- ----
(Control Unit)
p9602 SI enable safe brake control (Control Unit) ---- ----
p9620 BI: SI signal source for STO (SH)/SBC/SS1 ---- ----
(Control Unit)
p9621 BI: SI Safe Brake Adapter signal source ---- ----
(Control Unit)

p9622 SI SBA relay wait times (Control Unit) ---- ----

p9625 SI HLA shutoff valve wait time (CU) ---- ----
p9626 SI HLA shutoff valve feedback contacts ---- ----
configuration (CU)
p9650 SI SGE switchover tolerance time (Control ---- ----
Unit)
p9651 SI STO/SBC/SS1 debounce time (Control ---- ----
Unit)
p9652 SI Safe Stop 1 delay time (Control Unit) ---- ----
p9653 SI Safe Stop 1 drive--based braking ---- ----
response

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-433
Data Description 10/15
8.2 Parameters for SINAMICS S120

Table 8-2 Parameters for SINAMICS S120, continued

Name No. Name

p9658 SI transition time STOP F to STOP A ---- ----
(Control Unit)
p9659 SI forced checking procedure timer ---- ----
r9660 SI forced checking procedure remaining time ---- ----
p9697 SI Motion, pulse cancellation failsafe delay ---- ----
time (CU)
General diagnostic parameters on the CU
r9710 SI Motion diagnostics results list 1 ---- ----
r9711 SI Motion diagnostics results list 2 ---- ----
r9712 SI Motion diagnostics position actual value ---- ----
motor side
r9713 SI Motion diagnostics position actual value ---- ----
load side
r9714 SI Motion diagnostics velocity actual value ---- ----
load side
r9718 CO/BO: SI Motion control signals 1 ---- ----
r9719 CO/BO: SI Motion control signals 2 ---- ----
r9721 SI Motion status signals ---- ----
r9724 SI Motion, cross--check cycle
r9725 SI Motion diagnostics STOP F ---- For 840D integrated in the alarm text
p9726 SI Motion user agreement selection/deselec- ---- corresponds to OPI variables for NCK
tion
r9727 SI Motion internal drive user agreement 36997 $MA_SAFE_ACKN
r9728 SI Motion actual checksum SI parameters 36998 $MA_SAFE_ACT_CHECKSUM
p9729 SI Motion reference checksum SI parame- 36999 $MA_SAFE_DES_CHECKSUM
ters
r9730 SI Motion safe maximum speed ---- ----
r9731 SI safe position accuracy ---- ----
r9733 SI CO: SI Motion effective setpoint speed ---- ----
limiting
p9735 SI Motion diagnostics results list 3 ---- ----
p9736 SI Motion diagnostics results list 4 ---- ----
p9737 SI Motion diagnostics results list 5 ---- ----
p9738 SI Motion diagnostics results list 6 ---- ----
p9739 SI Motion diagnostics results list 7 ---- ----
r9744 SI message buffer changes, counter ---- ----
r9747 SI message code ---- ----
r9748 SI message time received in milliseconds ---- ----
r9749 SI message value ---- ----
p9752 SI message cases, counter ---- ----
r9753 SI message value for float values ---- ----
r9754 SI message time received in days ---- ----
r9755 SI message time removed in milliseconds ---- ----
r9756 SI message time removed in days ---- ----
p9759 SI acknowledge messages drive object ---- ----
p9761 SI password input ---- ----
p9762 SI new password ---- ----
p9763 SI password acknowledgment ---- ----

© Siemens AG 2015 All Rights Reserved

8-434 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

Table 8-2 Parameters for SINAMICS S120, continued

Name No. Name

r9770 SI version drive--integrated safety functions ---- ----
(Control Unit)
r9771 SI common functions (Control Unit) ---- ----
r9772 CO/BO: SI status (Control Unit) ---- ----
r9773 CO/BO: SI status (Control Unit+Motor ---- ----
Module)
r9774 CO/BO: SI status (safe standstill group) ---- ----
r9776 SI diagnostics
r9780 SI monitoring cycle (Control Unit) ---- ----
r9794 SI crosswise comparison list (Control Unit) ---- ----
r9795 SI diagnostics STOP F (Control Unit) ---- ----
r9798 SI actual checksum SI parameters (Control ---- ----
Unit)
p9799 SI reference checksum SI parameters ---- ----
(Control Unit)
Parameters for functions integrated in the drive MM
p9801 SI enable safe functions (Motor Module) ---- ----
p9802 SI enable safe brake control (Motor Module) ---- ----
p9810 SI PROFIsafe address (Motor Module) ---- ----
p9821 BI: SI Safe Brake Adapter signal source
(Motor Module)

p9822 SI SBA relay wait times (Motor Module)

p9850 SI SGE switchover tolerance time (Motor ---- ----
Module)
p9851 SI STO/SBC/SS1 debounce time (Motor
Module)
p9852 SI Safe Stop 1 delay time (Motor Module) ---- ----
p9858 SI transition time STOP F to STOP A (Motor ---- ----
Module)
r9870 SI version (Motor Module) ---- ----
r9871 SI common functions (Motor Module) ---- ----
r9872 CO/BO: SI status (Motor Module) ---- ----
r9880 SI monitoring cycle (Motor Module) ---- ----
r9881 SI Sensor Module Node Identifier control ---- ----
r9890 SI version (Sensor Module) ---- ----
r9894 SI crosswise comparison list (Motor Module) ---- ----
r9895 SI diagnostics STOP F (Motor Module) ---- ----
p9897 SI Motion, pulse cancellation failsafe delay ---- ----
time (MM)
r9898 SI actual checksum SI parameters (Motor ---- ----
Module)
p9899 SI reference checksum SI parameters ---- ----
(Motor Module)
p10201 SI Motion SBT enable ---- ----
p10202 SI Motion SBT brake selection ---- ----
p10203 SI Motion SBT control selection ---- ----
p10204 SI Motion SBT motor type ---- ----

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-435
Data Description 10/15
8.2 Parameters for SINAMICS S120

Table 8-2 Parameters for SINAMICS S120, continued

Name No. Name

p10208 SI Motion SBT test torque ramp time ---- ----

p10209 SI Motion SBT brake holding torque ---- ----
p10210 SI Motion SBT test torque factor ---- ----
sequence 1
p10211 SI Motion SBT test duration sequence ---- ----
1
p10212 SI Motion SBT position tolerance ---- ----
sequence 1
p10218 SI Motion SBT test torque sign ---- ----
p10220 SI Motion SBT test torque factor ---- ----
sequence 2
p10221 SI Motion SBT test duration sequence ---- ----
2
p10222 SI Motion SBT position tolerance ---- ----
sequence 2
p10230 SI Motion SBT control word ---- ----
r10231 SI Motion SBT control word diagnostics ---- ----
r10234.0 SI Safety Info Channel status word ---- ----
...15 S_ZSW3B
p10235 CI: SI Safety Control Channel control ---- ----
word S_STW3B
p10240 SI Motion SBT test torque diagnostics ---- ----
p10241 SI Motion SBT load torque diagnostics ---- ----
p10242 SI Motion SBT state diagnostics ---- ----
p10250 CI: SI Safety Control Channel control ---- ----
word S_STW1B
r10251. CO/BO: SI Safety Control Channel ---- ----
8...12 control word S_STW1B diagnostics
p60122 IF1 PROFIdrive SIC/SCC telegram ---- ----
selection

Downloading standard motor data

When standard motor data is downloaded some drive parameters are overwritten.
If another type of motor is installed (e.g. after repairs have been carried out) and
the associated motor default data is downloaded, then the encoder data must be
changed back to its original value.

© Siemens AG 2015 All Rights Reserved

8-436 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

8.2.2 Description of parameters

r0469[0....2] Absolute encoder linear measuring steps

Display of the absolute position resolution for a linear absolute Checksum: Protection level:
encoder. 3
[0] = Encoder 1
[1] = encoder 2
[2] = encoder 3
See also: p0422, p9514
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
nm -- -- -- Unsigned32 POWER ON

r0470[0....2] Redundant coarse position value valid bits

Displays the valid bits of the redundant coarse position value. Checksum: Protection level:
[0] = Encoder 1 3
[1] = encoder 2
[2] = encoder 3
See also: p9523
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- U16 POWER ON

r0471[0....2] Redundant coarse position value fine resolution bits

Displays the number of bits for the fine resolution of the redundant Checksum: Protection level:
coarse position value. 3
[0] = Encoder 1
[1] = encoder 2
[2] = encoder 3
See also: p9524
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- Integer16 POWER ON

r0472[0....2] Redundant coarse position value relevant bits

Displays the number of relevant bits for the redundant coarse posi- Checksum: Protection level:
tion value. 3
[0] = Encoder 1
[1] = encoder 2
[2] = encoder 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- U16 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-437
Data Description 10/15
8.2 Parameters for SINAMICS S120

r0473[0....2] Non--safety--related measuring steps position value POS1.

Displays the non--safety--related measuring steps of POS1. Checksum: Protection level:
[0] = Encoder 1 3
[1] = encoder 2
[2] = encoder 3
see also p0416, p9513
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- Unsigned32 POWER ON

r0474[0....2] Redundant coarse position value configuration

Displays the encoder configuration for the redundant coarse position Checksum: Protection level:
value. 3
[0] = Encoder 1
[1] = encoder 2
[2] = encoder 3
Bit array
00 up--counter
1 signal yes, 0 signal no
01 encoder CRC, least significant byte first
1 signal yes, 0 signal no
02 redundant coarse position value most significant bit left--justified
1 signal yes, 0 signal no
04 binary comparison not possible
1 signal yes, 0 signal no
See also p9515
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- U16 POWER ON

r0475[0....2] Gx_XIST1 coarse position safety most significant bit

Displays the bit number for the safety most significant bit (MSB) of Checksum: Protection level:
the Gx_XIST1 coarse position. 3
[0] = Encoder 1
[1] = encoder 2
[2] = encoder 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- U16 POWER ON

© Siemens AG 2015 All Rights Reserved

8-438 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r0979[0....30] PROFIdrive encoder format / PD encoder format

Displays the position actual value encoder that is being used Checksum: Protection level:
according to PROFIdrive. 3
[0] = header
[1] = type, encoder 1
[2] = resolution, encoder 1
[3] = shift factor G1_XIST1
[4] = shift factor G1_XIST2
[5] = revolutions that can be distinguished, encoder 1
[6] = reserved
[7] = reserved
[8] = reserved
[9] = reserved
[10] = reserved
[11] = type encoder 2
[12] = resolution, encoder 2
[13] = shift factor G2_XIST1
[14] = shift factor G2_XIST2
[15] = revolutions that can be distinguished, encoder 2
[16] = reserved
[17] = reserved
[18] = reserved
[19] = reserved
[20] = reserved
[21] = type encoder 3
[22] = resolution, encoder 3
[23] = shift factor G3_XIST1
[24] = shift factor G3_XIST2
[25] = revolutions that can be distinguished, encoder 3
[26...30] = reserved
Information on the individual indices can be found in the following
references: PROFIdrive profile drive technology
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- U32 POWER ON

p1135[0...n] OFF3 ramp--down time

Sets the ramp down time from the maximum velocity to standstill for Checksum: Protection level:
the OFF3 command. 2
Note:
This time can be exceeded if the maximum the DC link voltage is
reached.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
s 0.000 0.000 600000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-439
Data Description 10/15
8.2 Parameters for SINAMICS S120

p1532[0...n] CO: Torque limit, offset / CO: Force offset, force limit
Sets the torque offset for the torque limit. Checksum: Protection level:
See also: p1520, p1521, p1522, p1523, p1528, p1529 3
Notice:
A BICO interconnection to a parameter that belongs to a drive data
set always acts on the effective data set.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
Nm, N -- --100000.00 100000.00 Floating Point32 POWER ON
[Nm], [Nm],
--100000.00 [N] 100000.00 [N]

p2003 Reference force

Setting the reference quantity for forces. Checksum: Protection level:
All of the torques specified as relative value refer to this reference 3
quantity. The reference quantity corresponds to 100% or 4000 hex
(word) or 4000 0000 hex (double word).
Note
For the automatic calculation (p0340 = 1, p3900 > 0) an appropriate
pre--assignment is only made if the parameter is at the factory
setting.
If a BICO interconnection is established between different physical
quantities, then the particular reference quantities are used as
internal conversion factor.
Example:
The actual value of the total torque (r0079[0]) is interconnected at a
test socket (e.g. p0771[0]). The actual force value is cyclically con-
verted into a percentage of the reference torque (p2003) and output
corresponding to the selected scaling.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
Nm 1.0 0.01 20000000.0 Floating Point32 POWER ON

Parameters for motion monitoring

p9500 SI Motion monitoring clock cycle (Control Unit)

Sets the monitoring clock cycle for safety motion monitoring functions. Checksum: Protection level:
Yes 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 12 0.5 25 Floating Point32 POWER ON

Using p9500, the monitoring clock cycle for safety--related operation with a higher--
level control is defined. p9500 must be an integer multiple of the position controller
clock cycle. If a value is entered into p9500 that is not an integer multiple of the
position controller clock cycle, then the value entered is rounded--off to the next
multiple (integer multiple) of the position controller clock cycle and Fault F01652
(”SI CU:Monitoring clock cycle not permissible”) is output with fault value 101.

© Siemens AG 2015 All Rights Reserved

8-440 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

Each time that a new connection is established for the clock--cycle synchronous
PROFIBUS, the PROFIBUS master can specify a new position controller clock
cycle; this is the reason that the check ”p9500 multiple integer of the position
controller clock cycle” is repeated. Fault F01652 is output if an error occurs.
The Safety Integrated monitoring clock cycle is, just like all other SI drive para-
meters, a drive--specific monitoring clock cycle. However, different SI monitoring
clock cycles within a drive system are not supported.

p9501 SI Motion enable safe functions (Control Unit)

Sets the enable signals for the safety--related motion monitoring functions Checksum: Protection level:
Bit signal name Yes 3
00 enable SOS/SLS (SBH/SG)
01 enable SLP (SE)
02 enable absolute position
03 enable actual value synchronization
04 enable external ESR activation
05 enable override SLS (SG)
06 enable external STOPs
07 enable cam synchronization
08 enable SCA1+ (SN1+)
09 enable SCA1-- (SN1--)
10 enable SCA2+ (SN2+)
11 enable SCA2-- (SN2--)
12 enable SCA3+ (SN3+)
13 enable SCA3-- (SN3--)
14 enable SCA4+ (SN4+)
15 enable SCA4-- (SN4--)
16 enable SSM (n < nx) hysteresis and filtering
23 enable deactivation SOS/SLS during external STOP A
Note:
In this case, only the external STOP A for the extended functions and not for
the basis functions is taken into account
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 0xFFFF FFFF Unsigned32 POWER ON

The individual SI monitoring functions for a drive are enabled using p9501.
If one of the bits from bit 1 is set, then bit 0 must also be set. This is because for a
STOP C/D/E, the system changes into a safe operating stop. If this is not the case,
Fault F01683 (”SI Motion: SBH/SG enable missing”) is output.

p9502 SI Motion axis type (Control Unit)

Sets the axis type (linear axis or rotary axis/spindle) Checksum: Protection level:
0 = linear axis Yes 3
1 = rotary axis/spindle
For the commissioning software, after the axis type has been changed over, the
units that are dependent on the axis type are only updated after a project
upload.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 1 Integer16 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-441
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9503 SI Motion SCA (SN) enable (Control Unit)

Setting to enable function ”Safe cams ” (SCA). Checksum: Protection level:
Bit signal name Yes 4
00 enable SCA1 (SN1)
01 enable SCA2 (SN2)
02 enable SCA3 (SN3)
03 enable SCA4 (SN4)
04 enable SCA5 (SN5)
05 enable SCA6 (SN6)
06 enable SCA7 (SN7)
07 enable SCA8 (SN8)
08 enable SCA9 (SN9)
09 enable SCA10 (SN10)
10 enable SCA11 (SN11)
11 enable SCA12 (SN12)
12 enable SCA13 (SN13)
13 enable SCA14 (SN14)
14 enable SCA15 (SN15)
15 enable SCA16 (SN16)
16 enable SCA17 (SN17)
17 enable SCA18 (SN18)
18 enable SCA19 (SN19)
19 enable SCA20 (SN20)
20 enable SCA21 (SN21)
21 enable SCA22 (SN22)
22 enable SCA23 (SN23)
23 enable SCA24 (SN24)
24 enable SCA25 (SN25)
25 enable SCA26 (SN26)
26 enable SCA27 (SN27)
27 enable SCA28 (SN28)
28 enable SCA29 (SN29)
29 enable SCA30 (SN30)
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned32 POWER ON

The cam pairs 1 to 4 can also be enabled in p9501, bits 8--15. In this case, a 0
must be in p9503. Vice versa, a 0 must be in p9501, bits 8--15 if cams are enabled
in p9503. This is checked during booting and where relevant C01681 (”SI Motion:
Monitoring function not supported”) is output with fault value 2.

p9505 SI Motion SP modulo value (Control Unit)

Sets the modulo range for rotary axes for the ”Safe position” function. Checksum: Protection level:
Yes 4
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
Degrees 0 0 737280 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-442 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9513 SI Motion non--safety--related measuring steps POS1 (CU).

Sets the non--safety--related measuring steps of position value POS1. Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
See also: p0416, r0473, p9313
See also: F01670
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
-- when booting p9513 is automatically set the same as r0416
The following applies for enabled safety--related functions (p9501 > 0):
-- p9513 is checked to ensure that it matches r0416.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 22000 0 4294967295 Unsigned32 POWER ON

p9514 SI Motion absolute encoder linear measuring steps (CU)

Sets the absolute position resolution for a linear absolute encoder. Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
See also: p0422, r0469, p9314
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
-- when booting p9514 is automatically set the same as r0422
The following applies for enabled safety--related functions (p9501 > 0):
-- p9514 is checked to ensure that it matches r0422.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
nm 100 0 4294967295 Unsigned32 POWER ON

p9515 SI Motion coarse position value configuration (CU)

Sets the encoder configuration for the redundant coarse position value Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
Bit 00: Up counter
1 signal: Yes, 0 signal: No
Bit 01: Encoder CRC, least significant byte at first
1 signal: Yes, 0 signal: No
Bit 02: Redundant coarse position value most significant bit left--justified
1 signal: Yes, 0 signal: No
Bit 16: DRIVE--CLiQ encoder
1 signal: Yes, 0 signal: No
Bit 17: EnDat 2.2 converter
1 signal: Yes, 0 signal: No
See also: r0474, p9315
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
-- when booting, p9515.16 is automatically set the same as p0404.10, p9515.17
the same as p0404.8 & 11.
The following applies for enabled safety--related functions (p9501 > 0):
-- p9515.16 is checked to ensure that it matches p0404.10, p9515.17 that it
matches p0404.8 & 11.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-443
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9516 SI Motion, encoder configuration, safety--related functions (CU)

Sets the configuration for encoder and position actual value. Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
Bit 00: Encoder, rotary/linear
1 signal: Linear, 0 signal: Rotary
Bit 01: Actual position value, sign change
1 signal: Yes, 0 signal: No
Bit 04: STOP A after encoder fault for 1--encoder safety
1 signal: no, 0 signal: Yes
See also: p0404, p0410 and F01671
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
-- p9516.0 is automatically set the same as p0404.0 when the system boots.
-- p9516.1 is automatically set the same as p0410.1 when the system boots.
The following applies for enabled safety--related functions (p9501 > 0):
-- p9516.0 is checked to ensure that it matches p0404.0.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned16 POWER ON

The information whether a 1--encoder system or 2--encoder system is not included

in this parameter. This is derived from the parameter p9526 ”SI Motion encoder
assignment control”.

p9517 SI Motion linear scale grid division (Control Unit)

Sets the grid division for a linear encoder Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
See also: p0407, p9516 and F01671
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
-- when booting p9517 is automatically set the same as p0407.
The following applies for enabled safety--related functions (p9501 > 0):
-- p9517 is checked to ensure that it coincides with p0407.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
nm 10 000 0 250 000 000 Floating Point32 POWER ON

p9518 SI Motion encoder pulses per revolution (Control Unit)

Sets the number of encoder pulses per revolution for rotary motor encoders. Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
See also: p0418 and F01671
The following applies to safety--related functions that have not been enabled
(p9501 = 0): p9518 is automatically set the same as p0408 during booting.
The following applies for enabled safety--related functions (p9501 > 0): p9518 is
checked to ensure that it coincides with p0408.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
— 2048 0 16777215 Unsigned32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-444 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9519 SI Motion fine resolution G1_XIST1 (Control Unit)

Sets the fine resolution for G1_XIST1 in bits Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
See also: p0418 and F01671
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
when booting, p9519 is automatically set the same as p0418.
The following applies for enabled safety--related functions (p9501 > 0):
p9519 is checked to see that it matches with p0418.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
— 11 2 18 Unsigned32 POWER ON

Sets the fine resolution in bits of incremental position actual values for the
PROFIBUS encoder interface. Corresponds to p0418.

p9520 SI Motion leadscrew pitch (Control Unit)

Sets the ratio between the encoder and load in mm/revolutions for a linear axis Checksum: Protection level:
with rotary encoder Yes 3
Depending on the size of the entered number (from 3 places before the decimal
point) the fourth position after the decimal point can be rounded off.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm 10 0.1 8388 Floating Point32 POWER ON

p9521[0...7] SI Motion gearbox encoder/load denominator (Control Unit)

Sets the denominator for the gearbox between the encoder (or motor for Checksum: Protection level:
encoderless monitoring functions) and load. Yes 3
[0] = gear 1
[1] = gearbox 2
[2] = gearbox 3
[3] = gearbox 4
[4] = gearbox 5
[5] = gearbox 6
[6] = gearbox 7
[7] = gearbox 8
See also: p9522
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 1 1 2 147 000 000 Unsigned32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-445
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9522[0...7] SI Motion gearbox encoder (motor)/load numerator (Control Unit)

Sets the numerator for the gear between the encoder (or motor for encoderless Checksum: Protection level:
monitoring functions) and load. The active gearbox stage can be switched over Yes 3
via PROFIsafe.
[0] = gear 1
[1] = gearbox 2
[2] = gearbox 3
[3] = gearbox 4
[4] = gearbox 5
[5] = gearbox 6
[6] = gearbox 7
[7] = gearbox 8
See also: p9521
The numerator of the gear ratio must be multiplied by the number of pole pairs
for the encoderless monitoring functions.
Example:
Gear ratio 1:4, number of pole pairs (r0313) = 2
----> p9521 = 1, p9522 = 8 (4 x 2)
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 1 1 2 147 000 000 Unsigned32 POWER ON

p9523 SI Motion redundant coarse position value valid bits (CU)

Sets number of valid bits of the redundant coarse position value. Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
See also: r0470, p9323
-- after starting the copy function (p9700 = 57 hex), p9523 is set the same as
r0470.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 9 0 16 Unsigned32 POWER ON

p9524 SI Motion redundant coarse position value fine resolution bits (CU)
Sets the number of bits for the fine resolution of the redundant coarse position Checksum: Protection level:
value. The encoder, which is used for safe motion monitoring on the Control Yes 3
Unit must be parameterized in this parameter.
See also: r0471
-- after starting the copy function (p9700 = 57 hex), p9524 is set the same as
r0471.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- --2 --16 16 Integer16 POWER ON

p9525 SI Motion redundant coarse position value relevant bits (CU)

Sets the number of relevant bits for the redundant coarse position value. Checksum: Protection level:
The encoder, which is used for safe motion monitoring on the Control Unit must Yes 3
be parameterized in this parameter.
See also: p0414, r0472, p9325
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
-- when booting p9525 is automatically set the same as r0472
The following applies for enabled safety--related functions (p9501 > 0):
-- p9525 is checked to ensure that it matches r0472.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 16 0 16 Unsigned16 POWER ON

© Siemens AG 2015 All Rights Reserved

8-446 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9526 SI Motion encoder assignment second channel

Sets the number of the encoder that is used in the second channel (control, Checksum: Protection level:
Motor Module) for safe motion monitoring functions. Yes 3
For safety--related motion monitoring functions the redundant safety position
actual value sensing must be activated in the appropriate encoder data set
(p0430.19 = 1).
See also: p0187, p0188, p0189, p0430
For p9526 = 1, the encoder for the closed--loop speed control is used for the
second channel of the motion monitoring functions (1--encoder system). This
setting is only permissible when using a DQI encoder.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 2 1 3 Unsigned32 POWER ON

p9529 SI Motion Gx_XIST1 coarse position safety most significant bit (Control Unit)
Sets the bit number for the safety most significant bit (MSB) of the Gx_XIST1 Checksum: Protection level:
coarse position. Yes 3
The encoder, which is used for safe motion monitoring on the Control Unit must
be parameterized in this parameter.
See also: p0415, r0475, p9329
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
-- when booting p9529 is automatically set the same as r0475.
The following applies for enabled safety--related functions (p9501 > 0):
-- p9529 is checked to ensure that it coincides with r0475.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 14 0 31 Unsigned16 POWER ON

p9530 SI Motion standstill tolerance (Control Unit)

Sets the tolerance for the ”safe operating stop” function (SOS). Checksum: Protection level:
See also: C01707 Yes 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm 1 0 100 Floating Point32 POWER ON

p9531[0...3] SI Motion SLS (SG) limit values (Control Unit)

Sets the limit values for the ”safely limited speed” function (SLS). Checksum: Protection level:
Index: Yes 3
[0] = limit value SLS1
[1] = limit value SLS2
[2] = limit value SLS3
[3] = limit value SLS4
See also: p9532, p9561, p9563 and C01714
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm/min, rpm 2000 0 1 000 000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-447
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9532[0...15] SI Motion SLS (SG) override factor (Control Unit)

Sets the override factor for the limit value for SLS2 and SLS4 of the function Checksum: Protection level:
”safely limited speed” (SLS). Yes 4
[0] = SLS (SG) override factor 0
[1] = SLS (SG) override factor 1
[2] = SLS (SG) override factor 2
[3] = SLS (SG) override factor 3
[4] = SLS (SG) override factor 4
[5] = SLS (SG) override factor 5
[6] = SLS (SG) override factor 6
[7] = SLS (SG) override factor 7
[8] = SLS (SG) override factor 8
[9] = SLS (SG) override factor 9
[10] = SLS (SG) override factor 10
[11] = SLS (SG) override factor 11
[12] = SLS (SG) override factor 12
[13] = SLS (SG) override factor 13
[14] = SLS (SG) override factor 14
[15] = SLS (SG) override factor 15
See also: p9501, p9531
The actual override factor for SLS2 and SLS4 is selected using safety--related
inputs (SGE).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
% 100 0 100 Floating Point32 POWER ON

p9534[0...1] SI Motion SLP (SE) upper limit values (Control Unit)

Sets the upper limit values for the ”safely limited position” function (SLP). Checksum: Protection level:
Index: Yes 3
[0] = limit value SLP1 (SE1)
[1] = limit value SLP2 (SE2)
See also: p9501, p9535, p9562 and C01715
For the setting of these limit values, the following applies:
-- p9534[x] > p9535[x]
-- p9534[x] must lie in the valid traversing range (--737280 ... 737280).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm, degrees 100 000 --2 147 000 2 147 000 Floating Point32 POWER ON

p9535[0...1] SI Motion SLP (SE) lower limit values (Control Unit)

Sets the lower limit values for the ”safely limited position” function (SLP). Checksum: Protection level:
Index: Yes 3
[0] = limit value SLP1 (SE1)
[1] = limit value SLP2 (SE2)
See also: p9501, p9534, p9562 and C01715
For the setting of these limit values, the following applies:
-- p9534[x] > p9535[x]
-- p9534[x] must lie in the valid traversing range (--737280 ... 737280).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm, degrees --100 000 --2 147 000 2 147 000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-448 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9536[0...29] SI Motion SCA (SN) plus cam position (Control Unit)

Sets the plus cam position for the ”Safe cam” function (SCA). Checksum: Protection level:
Index: Yes 4
[0] = cam position SCA1 (SN1)
[1] = cam position SCA2 (SN2)
[2] = cam position SCA3 (SN3)
[3] = cam position SCA4 (SN4)
[4] = cam position SCA5 (SN5)
[5] = cam position SCA6 (SN6)
[6] = cam position SCA7 (SN7)
[7] = cam position SCA8 (SN8)
[8] = cam position SCA9 (SN9)
[9] = cam position SCA10 (SN10)
[10] = cam position SCA11 (SN11)
[11] = cam position SCA12 (SN12)
[12] = cam position SCA13 (SN13)
[13] = cam position SCA14 (SN14)
[14] = cam position SCA15 (SN15)
[15] = cam position SCA16 (SN16)
[16] = cam position SCA17 (SN17)
[17] = cam position SCA18 (SN18)
[18] = cam position SCA19 (SN19)
[19] = cam position SCA20 (SN20)
[20] = cam position SCA21 (SN21)
[21] = cam position SCA22 (SN22)
[22] = cam position SCA23 (SN23)
[23] = cam position SCA24 (SN24)
[24] = cam position SCA25 (SN25)
[25] = cam position SCA26 (SN26)
[26] = cam position SCA27 (SN27)
[27] = cam position SCA28 (SN28)
[28] = cam position SCA29 (SN29)
[29] = cam position SCA30 (SN30)
See also: p9501, p9503, p9537
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm, degrees 10 --2 147 000 2 147 000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-449
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9537[0...29] SI Motion SCA (SN) minus cam position (Control Unit)

Sets the minus cam position for the ”Safe cam” function (SCA). Checksum: Protection level:
Index: Yes 4
[0] = cam position SCA1 (SN1)
[1] = cam position SCA2 (SN2)
[2] = cam position SCA3 (SN3)
[3] = cam position SCA4 (SN4)
[4] = cam position SCA5 (SN5)
[5] = cam position SCA6 (SN6)
[6] = cam position SCA7 (SN7)
[7] = cam position SCA8 (SN8)
[8] = cam position SCA9 (SN9)
[9] = cam position SCA10 (SN10)
[10] = cam position SCA11 (SN11)
[11] = cam position SCA12 (SN12)
[12] = cam position SCA13 (SN13)
[13] = cam position SCA14 (SN14)
[14] = cam position SCA15 (SN15)
[15] = cam position SCA16 (SN16)
[16] = cam position SCA17 (SN17)
[17] = cam position SCA18 (SN18)
[18] = cam position SCA19 (SN19)
[19] = cam position SCA20 (SN20)
[20] = cam position SCA21 (SN21)
[21] = cam position SCA22 (SN22)
[22] = cam position SCA23 (SN23)
[23] = cam position SCA24 (SN24)
[24] = cam position SCA25 (SN25)
[25] = cam position SCA26 (SN26)
[26] = cam position SCA27 (SN27)
[27] = cam position SCA28 (SN28)
[28] = cam position SCA29 (SN29)
[29] = cam position SCA30 (SN30)
See also: p9501, p9503, p9537
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm, degrees --10 --2 147 000 2 147 000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-450 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9538[0...29] SI Motion SCA (SN) cam track assignment (Control Unit)

Assigns the individual cams to a maximum of 4 cam tracks and defines the Checksum: Protection level:
numerical value for the SGA ”cam range”. Yes 4
p9538[0...29] = CBA dec
C = assigns the cam to the cam track.
Valid values are 1, 2, 3, 4.
BA = numerical value for the SGA ”cam range”.
If the position is in the range of this cam, value BA is signaled to the safety logic
via SGA ”cam range” of the cam track that is set using C.
Valid values are 0 ... 14. Every numerical value can only be used once for each
cam track.
Examples:
p9538[0] = 207
Cam 1 (index 0) is assigned to cam track 2. If the position is in the range of this
cam, then a value of 7 is entered into SGA ”cam range” of the second cam
track.
p9538[5] = 100
Cam 6 (index 5) is assigned to cam track 1. If the position is in the range of this
cam, then a value of 0 is entered into SGA ”cam range” of the first cam track.
Index:
[0] = track assignment SCA1
[1] = track assignment SCA2
[2] = track assignment SCA3
[3] = track assignment SCA4
[4] = track assignment SCA5
[5] = track assignment SCA6
[6] = track assignment SCA7
[7] = track assignment SCA8
[8] = track assignment SCA9
[9] = track assignment SCA10
[10] = track assignment SCA11
[11] = track assignment SCA12
[12] = track assignment SCA13
[13] = track assignment SCA14
[14] = track assignment SCA15
[15] = track assignment SCA16
[16] = track assignment SCA17
[17] = track assignment SCA18
[18] = track assignment SCA19
[19] = track assignment SCA20
[20] = track assignment SCA21
[21] = track assignment SCA22
[22] = track assignment SCA23
[23] = track assignment SCA24
[24] = track assignment SCA25
[25] = track assignment SCA26
[26] = track assignment SCA27
[27] = track assignment SCA28
[28] = track assignment SCA29
[29] = track assignment SCA30
See also: p9501, p9503 and F01681

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-451
Data Description 10/15
8.2 Parameters for SINAMICS S120

Unit: Default value: Minimum value: Maximum value: Data type: Effective:
[0] 100 100 414 Unsigned32 POWER ON
[1] 101
[2] 102
[3] 103
[4] 104
[5] 105
[6] 106
[7] 107
[8] 108
[9] 109
[10] 110
[11] 111
[12] 112
[13] 113
[14] 114
[15] 200
[16] 201
[17] 202
[18] 203
[19] 204
[20] 205
[21] 206
[22] 207
[23] 208
[24] 209
[25] 210
[26] 211
[27] 212
[28] 213
[29] 214

p9540 SI Motion SCA (SN) tolerance (Control Unit)

Sets the tolerance for the ”Safe cam” function (SCA). Checksum: Protection level:
Within this tolerance, both monitoring channels may signal different signal sta- Yes 4
tes of the same safe cam.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
Degrees 0.1 0.001 10 degrees Floating Point32 POWER ON

p9542 SI Motion actual value comparison tolerance (crosswise) (Control Unit)

Sets the tolerance for the crosswise comparison of the actual position between Checksum: Protection level:
the two monitoring channels Yes 3
See also: C01711
For a linear axis, the tolerance is internally limited to 10 mm.
The default setting of p9542 corresponds, for a configuration for ”linear axis
with rotary motor” and default setting of p9520, p9521 and p9522, to a position
tolerance on the motor side of 36°.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm 0.1 0.001 360 mm Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-452 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9544 SI Motion actual value comparison tolerance (referencing) (Control Unit)

Sets the tolerance in mm or Degrees to check the actual values after Checksum: Protection level:
referencing (incremental encoder) or when powering--up (absolute encoder). Yes 4
See also: C01711
For linear axes, the maximum value is limited to 1 mm.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm, degrees 0.01 0 36 mm or Floating Point32 POWER ON
36 degrees

p9545 SI Motion SSM (SGA n<nx) filter time) (Control Unit)

Sets the filter time for the SSM feedback signal to detect standstill (n < nx). Checksum: Protection level:
The filter time is only effective when the function has been enabled (p9501.16 = Yes 3
1). The parameter is contained in the crosswise data comparison of the two
monitoring channels.
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 0.00 0.00 100.00 Floating Point32 POWER ON

p9546 SI Motion SSM (SGA n < nx) speed limit (Control Unit)
Sets the speed limit for the SSM feedback signal to detect standstill (n < nx). Checksum: Protection level:
If this limit value is fallen below, the signal ”SSM feedback signal active” (SGA Yes 3
n < n_x) is set.
For p9568 = 0, the value in p9546 is also valid for the function ”SAM”.
For p9506 = 3, the following applies: If the value falls below the set threshold,
the function ”safe acceleration monitoring” SAM is deactivated.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm/min 20 0 1000 000 Floating Point32 POWER ON
rpm

p9547 SI Motion SSM (SGA n < nx) speed hysteresis (CU)

Sets the velocity hysteresis for the SSM feedback signal to detect standstill (n Checksum: Protection level:
< nx). Yes 3
See also: C01711
The velocity hysteresis is only effective when the function has been enabled
(p9501.16 = 1).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm/min 10.0000 0.0010 500.0000 Floating Point32 POWER ON
rpm

p9548 SI Motion SBR actual speed tolerance (Control Unit)

Sets the velocity tolerance for the ”safe acceleration monitoring” (SAM) Checksum: Protection level:
See also: C01706 Yes 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm/min 300 0 120 000 Floating Point32 POWER ON
rpm

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-453
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9549 SI Motion slip velocity tolerance (Control Unit)

Sets the velocity tolerance, which is applied for a 2--encoder system in a cross- Checksum: Protection level:
wise comparison between the two monitoring channels. Yes 3
See also: p9501, p9542
If the ”actual value synchronization” is not enabled (p9501.3 = 0), then the
value parameterized in p9542 is used as tolerance in the crosswise data
comparison.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm/min 6 0 6000 Floating Point32 POWER ON
rpm

p9550 SI Motion SGE changeover tolerance time (Control Unit)

Sets the tolerance time to change over the safety--related inputs (SGE) Checksum: Protection level:
Yes 4
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 500 0 10 000 Floating Point32 POWER ON

p9551 SI Motion SLS(SG) changeover /SOS(SBH) delay time (CU)

Sets the delay time for the SLS changeover and for the activation of SOS for Checksum: Protection level:
the functions ”Safely limited speed”(SLS) and ”Safe operating stop” (SOS). Yes 3
At the transition from a higher to a lower safely limited speed stage and when
activating a safe operating stop (SOS), the ”old” speed stage remains active for
this delay time.
Also from non safety--related operation, when SLS or SOS is activated, this
delay still applies.
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 100 0 600 000 Floating Point32 POWER ON

p9552 SI Motion transition time STOP C to SOS (SBH) (Control Unit)

Sets the transition time from STOP C to ”Safe Operating Stop” (SOS). Checksum: Protection level:
The set time is internally rounded off to an integer multiple of the monitoring Yes 3
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 100 0 600 000 Floating Point32 POWER ON

p9553 SI Motion transition time STOP D to SOS (SBH) (Control Unit)

Sets the transition time from STOP D to ”Safe Operating Stop” (SOS) Checksum: Protection level:
The set time is internally rounded off to an integer multiple of the monitoring Yes 3
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 100 0 600 000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-454 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9554 SI Motion transition time STOP E to SOS (SBH) (Control Unit)

Sets the transition time from STOP E to ”Safe Operating Stop” (SOS) Checksum: Protection level:
See also: p9354 Yes 4
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 100 0 600 000 Floating Point32 POWER ON

p9555 SI Motion transition time STOP F to STOP B (Control Unit)

Sets the transition time from STOP F to STOP B Checksum: Protection level:
See also: C01711 Yes 3
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 0 0 600 000 Floating Point32 POWER ON

p9556 SI Motion STOP A delay time (Control Unit)

Sets the delay time for the safe pulse cancellation after STOP B Checksum: Protection level:
This parameter has no effect for encoderless motion monitoring functions with Yes 3
safe braking ramp monitoring (p9506 = 1), and at the same time enabled OFF3
ramp (p9507.3 = 0).
See also: p9560 and C01701
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 100 0 600 000 Floating Point32 POWER ON

p9557 SI Motion STO test time (Control Unit)

Sets the time after which STO must be active after initiating the test stop. Checksum: Protection level:
See also: C01798 Yes 3
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 100 0 10 000 Floating Point32 POWER ON

p9558 SI Motion acceptance test mode time limit (Control Unit)

Sets the maximum time for the acceptance test mode. Checksum: Protection level:
If the acceptance test mode lasts longer than the selected time limit, then the Yes 3
mode is automatically exited.
See also: C01799
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 40 000 5 000 100 000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-455
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9560 SI Motion STO shutdown velocity/shutdown speed (CU)

Sets the shutdown velocity/shutdown speed for activating STO. ”Standstill” Checksum: Protection level:
is assumed below this velocity/speed, and for STOP B / SS1, and STO is Yes 3
selected.
See also: p9556
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm/min, 0 0 6000 Floating Point32 POWER ON
rpm

p9561 SI Motion SLS (SG) stop response (Control Unit)

Sets the stop response for the ”safely limited speed” function (SLS). Checksum: Protection level:
This setting applies to all SLS limit values. Yes 4
An input value of less than 5 signifies protection for personnel, from 10 and
onwards, machine protection.
This parameter can only be used for SINUMERIK Safety Integrated.
0: STOP A
1: STOP B
2: STOP C
3: STOP D
4: STOP E
5: Set the stop response using p9563 (SG--specific)
10: STOP A with delayed pulse cancellation when the bus fails
11: STOP B with delayed pulse cancellation when the bus fails
12: STOP C with delayed pulse cancellation when the bus fails
13: STOP D with delayed pulse cancellation when the bus fails
14: STOP E with delayed pulse cancellation when the bus fails
See also: p9563, p9580
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 5 0 14 Integer16 POWER ON

p9562 SI Motion SLP (SE) stop response (Control Unit)

Sets the stop response for the ”safely limited position” function (SLP). Checksum: Protection level:
0: STOP A Yes 3
1: STOP B
2: STOP C
3: STOP D
4: STOP E
10: STOP A with delayed pulse cancellation when the bus fails
11: STOP B with delayed pulse cancellation when the bus fails
12: STOP C with delayed pulse cancellation when the bus fails
13: STOP D with delayed pulse cancellation when the bus fails
14: STOP E with delayed pulse cancellation when the bus fails
[0] = limit value SLP1 (SE1)
[1] = limit value SLP2 (SE2)
Here, in a wider sense, bus failure should be understood as a communication
error in the control signals of the safety functions.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 2 0 14 Integer16 POWER ON

© Siemens AG 2015 All Rights Reserved

8-456 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9563[0...3] SI Motion SLS(SG)--specific stop response (Control Unit)

Sets the SLS--specific stop response for the ”safely limited speed” Checksum: Protection level:
function (SLS). Yes 3
These settings apply to the individual limit values for SLS.
An input value of less than 5 signifies protection for personnel, from 10 and
onwards, machine protection.
0: STOP A
1: STOP B
2: STOP C
3: STOP D
4: STOP E
10: STOP A with delayed pulse cancellation when the bus fails
11: STOP B with delayed pulse cancellation when the bus fails
12: STOP C with delayed pulse cancellation when the bus fails
13: STOP D with delayed pulse cancellation when the bus fails
14: STOP E with delayed pulse cancellation when the bus fails
Index:
[0] = limit value SLS1
[1] = limit value SLS2
[2] = limit value SLS3
[3] = limit value SLS4
See also: p9561, p9580
Here, in a wider sense, bus failure should be understood as a communication
error in the control signals of the safety functions.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 2 0 14 Integer16 POWER ON

p9567 SI Motion switchover time to SOS (Control Unit)

Sets the switchover speed to SOS. Checksum: Protection level:
Below this speed limit, when transitioning to SOS, it is assumed that the drive is Yes 3
at a standstill.
The transition times from STOP C, D, E and the delay time for SOS selection
are canceled when this speed threshold is fallen below. The wait time from
p9569 is started, and after it expires, SOS becomes active.
For a STOP C, this changeover speed is the sole criterion for prematurely acti-
vating an SOS. In the other cases mentioned here, correct braking must first
have been signaled.
See also: p9501, p9551, p9552, p9553, p9554
Note:
With p9567 = 0, the shortened wait time when transitioning to SOS is deacti-
vated.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm/min 0.00 0.00 1000.00 Floating Point32 POWER ON:

p9569 SI Motion transition to SOS after standstill (Control Unit)

Setting the transition time to SOS after standstill. Checksum: Protection level:
If, when transitioning to SOS, standstill is detected, (p9567), then SOS Yes 3
becomes active at the latest after this transition time. This case, the transition
times from STOP C, D, E and the delay time for SOS selection are canceled.
See also: p9551, p9552, p9553, p9554, p9567
Note:
The time set in p9569 is only effective for p9567 > 0.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 100.00 0.00 10000.00 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-457
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9570 SI Motion acceptance test mode (Control Unit)

Setting to select/deselect the acceptance test mode Checksum: Protection level:
0: [00 hex] deselect acceptance test mode No 3
172: [AC hex] select acceptance test mode
See also: p9558, r9571 and C01799
The acceptance test mode can only be selected if the safe motion monitoring
functions are enabled.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 00AC hex Integer16 immediately

r9571 SI Motion acceptance test status (Control Unit)

Displays the status of the acceptance test mode Checksum: Protection level:
0: [00 hex] accept_mode inactive No 3
12: [0C hex] accept_mode not possible due to POWER ON fault
13: [0D hex] accept_mode is not possible due to incorrect identifier in p9570
15: [0F hex] accept_mode not possible due to expired accept_timer
172: [AC hex] accept_mode active
See also: p9558, p9570 and C01799
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 0xAC Integer16 --

p9580 SI Motion STO delay after bus failure (Control Unit)

Sets the wait time, which after bus failure, STO is performed. Checksum: Protection level:
See also: p9561, p9563 Yes 3
Here, in a wider sense, bus failure should be understood as a communication
error in the control signals of the safety functions.
The main use of the waiting time is the ESR function (extended stop and
retract).
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 0 0 800 Floating Point32 POWER ON

r9590[0...3] SI Motion version safe motion monitoring (Control Unit)

Displays the Safety Integrated version for safe motion monitoring functions on Checksum: Protection level:
the Control Unit. No 3
[0] = Safety Version (major release)
[1] = Safety Version (minor release)
[2] = Safety Version (baselevel or patch)
[3] = Safety Version (hotfix)
Example:
r9590[0] = 2, r9590[1] = 60, r9590[2] = 1, r9590[3] = 0
----> SI Motion version V02.60.01.00
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned16 --

© Siemens AG 2015 All Rights Reserved

8-458 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

Parameters for basic safety functions integrated in the drive

These parameters are also relevant for the motion monitoring functions as the safe
standstill is carried out by monitoring functions integrated in the drive. See Chapter
6.1 ”Safe standstill (SH)”.

p9601 SI enable functions integrated in the drive (Control Unit)

Sets the enable signals for safety functions integrated in the drive on the Checksum: Protection level:
Control Unit Yes 3
The following settings are permissible:
0000 hex:
Drive--integrated safety functions inhibited (no safety function).
0001 hex:
Basis functions via onboard terminals are enabled (permissible for r9771.0 = 1).
Bit signal name
00 enable STO (SH) via terminals (CU)
1 signal: Enable, 0 signal: Lock
See also: p9801
Note:
A change always only becomes effective after POWER ON. Exception:
Changes to p9601.0 become effective immediately.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 0000 bin -- -- Unsigned32 When exiting the
SI--commission-
ing mode

It is permissible to simultaneously enable the safety functions integrated in the

drive (p9601/p9801 < > 0) and the motion monitoring functions (p9501 < > 0).
See also: p9801

p9602 SI enable safe brake control (Control Unit)

Sets the enable signal for the function safe brake control (SBC) on the Control Checksum: Protection level:
Unit. Yes 3
0: Inhibit SBC
1: Enable SBC
See also: p9802
The ”safe brake control” function only becomes active if at least one safety
monitoring function is enabled (i.e. p9501 not equal to 0 and/or p9601 not equal
to 0).
If a motor holding brake is not being used then it does not make any sense to
enable the parameterization ”no motor holding brake available” and ”safe brake
control” (p1215 = 0, p9602 = p9802 = 1).
The parameterization ”motor holding brake the same as sequence control,
connection via BICO” and ”safe brake control” enabled (p1215 = 3, p9602 = 1,
p9802 = 1) does not make sense.
The parameterization ”motor holding brake without feedback signals” and ”safe
brake control” enabled (p1278 = 1, p9602 = 1, p9802 = 1) is not permissible.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 1 Integer16 When exiting the
SI--commission-
ing mode

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-459
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9620 BI: SI signal source for STO (SH)/SBC/SS1 (Control Unit)

Sets the signal source for the following functions on the Control Unit: Checksum: Protection level:
STO: Safe Torque Off / SH: Safe standstill Yes 3
SBC: Safe Brake Control
SS1: Safe Stop 1 (SS1, time monitored)
See also: p9601
Note: The following signal sources are permitted:
-- fixed zero (default setting)
-- digital inputs DI 0 to DI 7 on the Control Unit NCU7xx.
-- digital inputs DI 0 to DI 3 on the Controller Extensions (CX32, NX10, NX15).
-- digital inputs DI 0 to DI 3 on the Control Unit 310 (CU310).
It is not permitted to interconnect to a digital input is in simulation mode.
When connecting n power sections in parallel, the following applies:
p9620[0] = signal source for power unit 1
...
p9620[n--1] = signal source for power unit n
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned32 When exiting the
SI--commission-
ing mode

p9621 BI: SI Safe Brake Adapter signal source (Control Unit)

Setting of the signal source for the Safe Brake Adapter (SBA). Checksum: Protection level:
This therefore defines via which digital input the Safe Brake Adapter checkback Yes 3
signal (SBA_DIAG) is read in.
p9621/p9821 = 0:
no Safe Brake Control (SBC) available with Safe Brake Adapter (SBA).
p9621/p9821 = r0722.x (x = 0, 1 ... 7)
Safe Brake Adapter and booksize unit (no Communication Interface Module
(CIM)).
p9621/p9821 = r9872.3
Safe Brake Adapter and chassis unit(CIM).
See also: p9601, p9602, p9821
For a crosswise data comparison between p9621 and p9821, no difference is
tolerated.
The following must apply when using the ”Safe Brake Adapter” function:
p9601 = p9801 <> 0 and p9602 = p9802 = 1
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned32 When exiting the
SI--commission-
ing mode

© Siemens AG 2015 All Rights Reserved

8-460 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9622[0...1] SI SBA relay wait times (Control Unit)

Setting the wait times for switching on and switching off the Safe Brake Adapter Checksum: Protection level:
relay. Yes 3
The relay--specific minimum wait times to evaluate the feedback signal contacts
must be set. For a relay, these differ when switching on and switching off.
[0] = wait time, switching on
[1] = wait time, switching off
See also: p9822
For a crosswise data comparison between p9622 and p9822, a difference of
one safety monitoring clock cycle is tolerated. The parameterized time is
internally rounded--off to an integer multiple of the monitoring clock cycle.
For index 0:
Wait time switch on = drop--out time + bounce time NO contact + effect of the
freewheeling diode in the Safe Brake Adapter
For index 1:
Wait time switch off = response time + bounce time NC contact + effect of the
freewheeling diode in the Safe Brake Adapter
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms [0] 100 0 1000 Floating Point32 When exiting the
[1] 65 SI--commission-
ing mode

p9625[0...1] SI HLA shutoff valve wait time (CU)

Sets the wait times for switching on and switching off the shutoff valve. Checksum: Protection level:
The valve--specific minimum wait times to evaluate the feedback signal Yes 3
contacts must be set.
[0] = wait time, switching on
[1] = wait time, switching off
See also: p9825
Note:
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (r9780/r9880).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms [0] 250.00 0.00 2000.00 Floating Point32 When exiting the
[1] 250.00 SI--commission-
ing mode

p9626[0...1] SI HLA shutoff valve feedback contacts configuration (CU)

Sets the feedback signal contacts of the shutoff valve to be monitored. Checksum: Protection level:
The sensors for the feedback signals of the shutoff valves are connected via Yes 3
X281/X282.
0: NC contact/NO contact (NC/NO)
1: NC contact / NC contact (NC/NC)
2: NO contact/NO contact (NO/NO)
4: Normally closed contact (NC)
5: Normally open contact (NO)
See also: p9826
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
0 0 5 Integer16 When exiting the
SI--commission-
ing mode

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-461
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9650 SI SGE switchover discrepancy time (Control Unit)

Sets the discrepancy time to change over the safety--relevant inputs (SGE) on Checksum: Protection level:
the Control Unit. Yes 3
Because of the different runtimes of the two monitoring channels, an SIS
switchover is not effective at the same time. After an SGE switchover, a cross--
comparison of the dynamic data is not carried out during this discrepancy time.
See also: p9850
For a crosswise data comparison between p9650 and p9850, a difference of
one safety monitoring clock cycle is tolerated. The parameterized time is
internally rounded--off to an integer multiple of the monitoring clock cycle.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 500 0 2 000.00 Floating Point32 When exiting the
SI--commission-
ing mode

p9651 SI STO/SBC/SS1 debounce time (Control Unit)

Setting the debounce time for the fail--safe digital inputs to control STO/SBC/ Checksum: Protection level:
SS1. Yes 3
The debounce time is rounded--off to whole milliseconds. It specifies the maxi-
mum duration of a fault pulse at the fail--safe digital inputs with no associated
reaction on the selection or deselection of the Safety Basic functions.
Example:
Debounce time = 1 ms: Interference pulses of 1 ms are filtered, only pulses
longer than 2 ms are processed.
Debounce time = 3 ms: Interference pulses of 3 ms are filtered, only pulses
longer than 4 ms are processed.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 0.00 0.00 100.00 Floating Point32 When exiting the
SI--commission-
ing mode

p9652 SI Safe Stop 1 delay time (Control Unit)

Sets the delay time for STO for the function ”Safe Stop 1” (SS1) on the Control Checksum: Protection level:
Unit to brake along the OFF3 down ramp (p1135). Yes 3
So that the drive is able to travel along the OFF3 ramp completely before
transition into STO, the delay time should be set as follows:
Delay time >= p1135 + p1228
See also: p1135, p9852
For a crosswise data comparison between p9652 and p9852, a difference of
one safety monitoring clock cycle is tolerated.
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (r9780/r9880).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
s 0.00 0.00 300.00 Floating Point32 When exiting the
SI--commission-
ing mode

© Siemens AG 2015 All Rights Reserved

8-462 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9653 SI Safe Stop 1 drive--based braking response

Sets the drive--autonomous braking response for the ”Safe Stop 1” (SS1). Checksum: Protection level:
Value: 0: SS1 with OFF3 Yes 3
Value 1: SS1E external stop
Note:
SS1: Safe Stop 1 (safe stop 1, corresponds to stop Category 1 according to
EN60204)
SS1E: Safe Stop 1 external (safe stop 1 with external stop)
SS1E requires the externally initiated stop for conformance with stop
Category 1.
This parameter is used to to switch over from SS1 to SS1E and to deactivate
the braking response (drive--based) of function SS1 (time controlled) of the
Basic Functions.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
0 0 1 Integer16 When exiting the
SI--commission-
ing mode

p9658 SI transition time STOP F to STOP A (Control Unit)

Sets the transition time from STOP F to STOP A on the Control Unit. Checksum: Protection level:
See also: r9795, p9858 and F01611 Yes 3
For a crosswise data comparison between p9658 and p9858, a difference of
one safety monitoring clock cycle is tolerated.
The parameterized time is internally rounded--off to an integer multiple of the
monitoring clock cycle.
STOP F: Defect in a monitoring channel (error in the CDC)
STOP A: Pulse deletion via safety shutdown path
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 0 0 30 000.00 Floating Point32 When exiting the
SI--commission-
ing mode

p9659 SI forced checking procedure timer

Sets the time interval to carry out the dynamic update and to test the safety Checksum: Protection level:
shutdown paths (forced checking procedure). Yes 3
Within the parameterized time, STO must have been deselected at least once.
The monitoring time is reset at every STO deselection.
See also: A01699
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
h 8 0 9 000 Floating Point32 When exiting the
SI--commission-
ing mode

r9660 SI forced checking procedure remaining time

Displays the remaining time until the forced checking procedure and testing the Checksum: Protection level:
safety switch--off signal paths. No 3
See also: A01699
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
h -- -- Floating Point32 immediately

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-463
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9697 SI Motion bus failure STO/SH delay time (CU)

Sets the delay time for STO after bus failure on the Control Unit (e.g. used for Checksum: Protection level:
ESR). Yes 3
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 0 0 800 Real32 When exiting the
SI--commission-
ing mode

© Siemens AG 2015 All Rights Reserved

8-464 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

General diagnostic parameters on the CU

r9710[0...1] SI Motion diagnostics results list 1

Display of result list 1 which led to an error for a crosswise data comparison Checksum: Protection level:
between the two monitoring channels. No 3
[0]: Result list second channel
[1]: Result list drive
Bit 00: Actual value > upper limit SOS
1 signal: Yes, 0 signal: No
Bit 01: Actual value > lower limit SOS
1 signal: Yes, 0 signal: No
Bit 02: Actual value > upper limit SLP1 (SE1)
1 signal: Yes, 0 signal: No
Bit 03: Actual value > lower limit SLP1 (SE1)
1 signal: Yes, 0 signal: No
Bit 04: Actual value > upper limit SLP2 (SE2)
1 signal: Yes, 0 signal: No
Bit 05: Actual value > lower limit SLP2 (SE2)
1 signal: Yes, 0 signal: No
Bit 06: Actual value > upper limit SLS1 (SG1)
1 signal: Yes, 0 signal: No
Bit 07: Actual value > lower limit SLS1 (SG1)
1 signal: Yes, 0 signal: No
Bit 08: Actual value > upper limit SLS2 (SG2)
1 signal: Yes, 0 signal: No
Bit 09: Actual value > lower limit SLS2 (SG2)
1 signal: Yes, 0 signal: No
Bit 10: Actual value > upper limit SLS3 (SG3)
1 signal: Yes, 0 signal: No
Bit 11: Actual value > lower limit SLS3 (SG3)
1 signal: Yes, 0 signal: No
Bit 12: Actual value > upper limit SLS4 (SG4)
1 signal: Yes, 0 signal: No
Bit 13: Actual value > lower limit SLS4 (SG4)
1 signal: Yes, 0 signal: No
Bit 16: Actual value > upper limit SAMSBR
1 signal: Yes, 0 signal: No
Bit 17: Actual value > lower limit SAM/SBR
1 signal: Yes, 0 signal: No
Bit 18: Actual value > upper limit SDI positive
1 signal: Yes, 0 signal: No
Bit 19: Actual value > lower limit SDI positive
1 signal: Yes, 0 signal: No
Bit 20: Actual value > upper limit SDI negative
1 signal: Yes, 0 signal: No
Bit 21: Actual value > lower limit SDI negative
1 signal: Yes, 0 signal: No
See also: C01711
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-465
Data Description 10/15
8.2 Parameters for SINAMICS S120

r9711[0...1] SI Motion diagnostics results list 2

Display of result list 2, which led to an error between the two monitoring chan- Checksum: Protection level:
nels for a crosswise data comparison. No 3
[0]: Result list second channel
[1]: Result list drive
Bit 00 actual value > upper limit SCA1+ (SN1+)
1 signal: Yes, 0 signal: No
Bit 01 actual value > lower limit SCA1+ (SN1+)
1 signal: Yes, 0 signal: No
Bit 02 actual value > upper limit SCA1-- (SN1--)
1 signal: Yes, 0 signal: No
Bit 03 actual value > lower limit SCA1-- (SN1--)
1 signal: Yes, 0 signal: No
Bit 04 actual value > upper limit SCA2+ (SN2+)
1 signal: Yes, 0 signal: No
Bit 05 actual value > lower limit SCA2+ (SN2+)
1 signal: Yes, 0 signal: No
Bit 06 actual value > upper limit SCA2-- (SN2--)
1 signal: Yes, 0 signal: No
Bit 07 actual value > lower limit SCA2-- (SN2--)
1 signal: Yes, 0 signal: No
Bit 08 actual value > upper limit SCA3+ (SN3+)
1 signal: Yes, 0 signal: No
Bit 09 actual value > lower limit SCA3+ (SN3+)
1 signal: Yes, 0 signal: No
Bit 10 actual value > upper limit SCA3-- (SN3--)
1 signal: Yes, 0 signal: No
Bit 11 actual value > lower limit SCA3-- (SN3--)
1 signal: Yes, 0 signal: No
Bit 12 actual value > upper limit SCA4+ (SN4+)
1 signal: Yes, 0 signal: No
Bit 13 actual value > lower limit SCA4+ (SN4+)
1 signal: Yes, 0 signal: No
Bit 14 actual value > upper limit SCA4-- (SN4--)
1 signal: Yes, 0 signal: No
Bit 15 actual value > lower limit SCA4-- (SN4--)
1 signal: Yes, 0 signal: No
Bit 16 actual value > upper limit SSM+ (nx+)
1 signal: Yes, 0 signal: No
Bit 17 actual value > lower limit SSM+ (nx+)
1 signal: Yes, 0 signal: No
Bit 18 actual value > upper limit SSM-- (nx --)
1 signal: Yes, 0 signal: No
Bit 19 actual value > lower limit SSM-- (nx --)
1 signal: Yes, 0 signal: No
Bit 20 actual value > upper limit modulo
1 signal: Yes, 0 signal: No
Bit 21 actual value > lower limit modulo
1 signal: Yes, 0 signal: No
See also: C01711
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

r9712 CO: SI Motion diagnostics position actual value motor side

Display of the actual position actual value on the motor side for the motion Checksum: Protection level:
monitoring functions on the Control Unit. No 3
The display is updated in the safety monitoring cycle clock.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

8-466 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r9713 CO: SI Motion diagnostics position actual value load side

Displays the actual position actual value on the load side of the two monitoring Checksum: Protection level:
channels and their difference. No 3
For rotary axes, the following units apply: Millidegrees
[0] = load side actual value on the Control Unit
[1] = load side actual value on the second channel
[2] = load side actual value difference Control Unit -- second channel
[3] = load side maximum actual value difference, CU -- second channel
See also: r9708, r9724
The values of this parameter are displayed in r9708 with unit (mm or grad).
For index 0:
The display of the load side position actual value on the Control Unit is updated
in the monitoring clock cycle.
For index 1:
The display of the load side position actual value on the second channel is
updated in the crosswise data comparison clock cycle (r9724) and is realized,
delayed by one crosswise data comparison clock cycle.
For index 2:
The difference between the load side position actual value on the Control Unit
and the load side position actual value on the second channel is updated in the
crosswise data comparison clock cycle (r9724) and is realized, delayed by one
crosswise data comparison clock cycle.
For index 3:
The maximum difference between the load side position actual value on the
Control Unit and the load side position actual value on the second channel.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

r9714[0...2] SI Motion diagnostics velocity actual value load side

Displays the actual load side speed value for the motion monitoring functions Checksum: Protection level:
on the Control Unit. No 3
[0] = load side actual velocity value on the Control Unit
[1] = actual SAM/SBR velocity limit on the Control Unit
See also: r9732
For a linear axis, the following units apply: Millimeters per minute
For rotary axes, the following units apply: Revolutions per minute
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Integer32 --

r9718.23 CO/BO: SI Motion control signals 1

Control signals 1 for the safe motion monitoring functions. Checksum: Protection level:
Bit 23: Set offset for travel to fixed stop to the actual torque / current force No 4
1 signal: Set, 0 signal: Reset
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-467
Data Description 10/15
8.2 Parameters for SINAMICS S120

r9719.0...31 CO/BO: SI Motion control signals 2

Control signals 2 for the safe motion monitoring functions. Checksum: Protection level:
Bit signal name No 3
00 deselect SOS/SLS (SBH/SG) 1 signal: Yes, 0 signal: No
01 deselect SOS (SBH) 1 signal: Yes, 0 signal: No
03 select SLS (SG) bit 0, 1 signal: Set, 0 signal: Not set
04 select SLS (SG) bit 1, 1 signal: Set, 0 signal: Not set
08 gear selection bit 0, 1 signal: Set, 0 signal: Not set
09 gear selection bit 1, 1 signal: Set, 0 signal: Not set
10 gear selection bit 2, 1 signal: Set, 0 signal: Not set
12 select SLP (SE) 1 signal: SLP2 (SE2), 0 signal: SLP1 (SE1)
13 close brake from control 1 signal: Yes, 0 signal: No
15 select test stop 1 signal: Yes, 0 signal: No
16 SGE valid 1 signal: Yes, 0 signal: No
18 deselect external STOP A, 1 signal: Yes, 0 signal: No
19 deselect external STOP C, 1 signal: Yes, 0 signal: No
20 deselect external STOP D, 1 signal: Yes, 0 signal: No
21 deselect external STOP E, 1 signal: Yes, 0 signal: No
28 SLS (SG) override bit 0, 1 signal: Set, 0 signal: Not set
29 SLS (SG) override bit 1, 1 signal: Set, 0 signal: Not set
30 SLS (SG) override bit 2 1 signal: Set, 0 signal: Not set
31 SLS (SG) override bit 3 1 signal: Set, 0 signal: Not set
re r9719.0 and r9719.1:
These two bits must be considered together.
If SOS/SLS (SBH/SG) is deselected using bit 0, then the assignment of bit 1 is
irrelevant.
If SOS/SLS (SBH/SG) is selected using bit 0, then bit 1 is used to change over
between SOS (SBH) and SLS (SG).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

r9721.0...15 CO/BO: SI status signals

Status signals for the safety motion monitoring functions. Checksum: Protection level:
Bit signal name No 3
00 SOS or SLS active, 1 signal: Yes, 0 signal: No
01 SOS active, 1 signal: Yes, 0 signal: No
02 pulse enable, 1signal: Deleted, 0 signal: enabled
03 active SLS stage bit 0, 1 signal: Set, 0 signal: Not set
04 active SLS stage bit 1, 1 signal: Set, 0 signal: Not set
05 speed below limit value n_x 1 signal: Yes, 0 signal: No
06 status signals valid, 1 signal: Yes, 0 signal: No
07 safely referenced 1 signal: Yes, 0 signal: No
12 STOP A or B active, 1 signal: Yes, 0 signal: No
13 STOP C active, 1 signal: Yes, 0 signal: No
14 STOP D active, 1 signal: Yes, 0 signal: No
15 STOP E active, 1 signal: Yes, 0 signal: No
This parameter is only supplied with actual values in the case of Safety
Integrated Extended Functions. For Safety Integrated Basic Functions
(STO, SBC, SS1), the value is equal to zero.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

8-468 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r9724 SI Motion, cross--check cycle

Displays the crosswise data comparison clock cycle. Checksum: Protection level:
The value specifies the clock cycle time with which each individual CDC value No 3
is compared between the two monitoring channels.
See also: p9500
Crosswise comparison clock cycle = monitoring clock cycle (p9500) * number
of data to be compared crosswise
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms -- -- -- Floating Point32 --

r9725[0..2] SI Motion diagnostics STOP F

Displays the message value that resulted to a STOP F on the drive. Checksum: Protection level:
Value = 0: STOP F was signaled from the Control Unit. No 3
Value = 1 ... 999: Number of the incorrect data for a crosswise data comparison
between the two monitoring channels.
Value >= 1000: Additional diagnostic values of the drive.
For index 1:
Display of the value of the Control Unit, which resulted in the STOP F.
For index 2:
Display of the value of the second channel, which resulted in the STOP F.
Note: The significance of the individual values is described in Alarm 27001 of
the higher--level control.
[0] = message value for a crosswise data comparison
[1] = Control Unit crosswise data comparison actual value
[2] = Component crosswise data comparison actual value
See also: C01711
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

p9726 SI Motion user agreement selection/deselection

Setting to select/deselect the user agreement Checksum: Protection level:
0: [00 hex] deselect user agreement No 3
172: [AC hex] select user agreement
See also: r9727
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 hex 0000 hex 00AC hex Integer16 immediately

r9727 SI Motion internal drive user agreement

Displays the internal status of the user agreement Checksum: Protection level:
Value = 0: User agreement is not set No 3
Value = AC hex: User agreement is set
See also: p9726
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Integer16

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-469
Data Description 10/15
8.2 Parameters for SINAMICS S120

r9728[0...2] SI Motion actual checksum SI parameters

Displays the checksum over the checked Safety Integrated parameters of the Checksum: Protection level:
motion monitoring functions (actual checksum). No 3
[0]: Checksum over SI parameters for motion monitoring
[1]: Checksum over SI parameters for actual values
[2] = Checksum over SI parameters for HW
See also: p9729 and F01680
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32

p9729[0...2] SI Motion reference checksum SI parameters

Sets the checksum over the checked Safety Integrated parameters of the Checksum: Protection level:
motion monitoring functions (reference checksum). No 3
[0]: Checksum over SI parameters for motion monitoring
[1]: Checksum over SI parameters for actual values
[2] = Checksum over SI parameters for HW
See also: r9728 and F01680
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 hex 0000 hex 0xFFFF FFFF Unsigned32 POWER ON

r9730 SI Motion safe maximum speed

Displays the maximum safe speed (load side) permissible due to the acquisi- Checksum: Protection level:
tion of actual values for safe motion monitoring functions. No 3
This parameter shows up to which load velocity the safety--relevant encoder
actual values (redundant coarse encoder position) can still be correctly sensed
as a result of the particular encoder parameterization.
This parameter is only of significance when Safety with encoder is enabled
(otherwise ”0”).
Message C01711 is output with the corresponding follow--on errors after the
displayed value has been exceeded.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
rpm -- -- -- Floating Point32 --
mm/min

r9731 SI Motion safe positioning accuracy

Displays the safe position accuracy (load side). Checksum: Protection level:
This is the maximum accuracy that can be achieved as a result of the sensing No 3
of the actual value for the safe motion monitoring functions.
If a second encoder system is being used, the accuracy of the poorer encoder,
as a result of the number of encoder pulses, is displayed.
The parameter is only of significance when Safety with encoder is enabled
(otherwise ”0”).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
Degrees, mm -- -- -- Floating Point32 --

© Siemens AG 2015 All Rights Reserved

8-470 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r9732[0...2] SI Motion velocity resolution

Display of the velocity resolution for the safe motion monitoring functions. Checksum: Protection level:
For index 0: No 3
Display of safe velocity resolution (load side). Specifications of velocity limits or
parameter changes for velocities below this threshold have no effect.
For index 1:
Displays the safe speed accuracy as a result of the safe encoder accuracy.
[0] = actual speed resolution
[1] = minimum speed resolution
This parameter does not provide any information about the actual accuracy of
the velocity sensing. This depends on the type of actual value sensing, the gear
factors as well as the quality of the encoder being used.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
1/mm, mm/min -- -- -- Floating Point32 --

r9744 SI message buffer changes counter

Displays the changes of the safety message buffer. Checksum: Protection level:
This counter is incremented every time that the safety message buffer -- 3
changes.
This is used to check whether the safety message buffer has been read out
consistently.
See also r9747, r9748, r9749, p9752, r9754, r9755, r9756, r9759
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned16 --

r9745 SI component
Displays the component where the safety message occurred Checksum: Protection level:
Value = 0: An assignment to a component is not possible. -- 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-471
Data Description 10/15
8.2 Parameters for SINAMICS S120

r9747[0...63] SI message code

Displays the number of the safety messages that have occurred. Checksum: Protection level:
See also r9744, r9748, r9749, r9754, p9752, r9753, r9754, r9755, r9756, r9759 -- 3
”Safety message” (Cxxxxx) type messages are entered in the safety message
buffer.
Message buffer structure (principle):
r9747[0], r9748[0], r9749[0], r9753[0], r9754[0], r9755[0], r9756[0] ----> actual
message case, safety message 1
...
r9747[7], r9748[7], r9749[7], r9753[7], r9754[7], r9755[7], r9756[7] ----> actual
message case, safety message 8
r9747[8], r9748[8], r9749[8], r9753[8], r9754[8], r9755[8], r9756[8] ---->
1st acknowledged message case, safety message 1
...
r9747[15], r9748[15], r9749[15], r9753[15], r9754[15], r9755[15], r9756[15] ---->
1st acknowledged message case, safety message 8
...
r9747[56], r9748[56], r9749[56], r9753[56], r9754[56], r9755[56], r9756[56] ---->
7th acknowledged message case, safety message 1
...
r9747[63], r9748[63], r9749[63], r9753[63], r9754[63], r9755[63], r9756[63] ---->
7th acknowledged message case, safety message 8
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned16 --

r9748[0...63] SI message time received in milliseconds

Displays the relative system runtime in milliseconds when the safety message Checksum: Protection level:
occurred. -- 3
See also r9744, r9747, r9749, p9752, r9753, r9754, r9755, r9756, p9759
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms -- -- -- Unsigned32 --

r9749[0...63] SI message value

Displays the additional information about the safety message that occurred Checksum: Protection level:
(as integer number). -- 3
See also r9744, r9747, r9748, p9752, r9753, r9754, r9755, r9756, p9759
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

r9750[0...63] SI diagnostic attributes

Displays the diagnostic attribute of the safety message that has occurred Checksum: Protection level:
Bit 00 hardware replacement recommended -- 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Integer32 --

p9752 SI message cases, counter

Number of safety message cases that have occurred since the last reset. Checksum: Protection level:
The safety message buffer is cleared by resetting the parameter to 0. -- 3
See also r9745, r9748, r9749, r9754, r9755, r9756
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 65535 Unsigned16 immediately

© Siemens AG 2015 All Rights Reserved

8-472 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r9753[0...63] SI message value for float values

Displays additional information about the safety message that has occurred for Checksum: Protection level:
float values. -- 3
See also r9744, r9747, r9748, p9752, r9754, r9755, r9756, p9759
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Floating point --

r9754[0...63] SI message time received in days

Displays the relative system runtime in days when the safety message Checksum: Protection level:
occurred. -- 3
See also r9744, r9747, r9748, r7949, p9752, r9753, r9755, r9756, p9759
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
days -- -- -- Unsigned16 --

r9755[0...63] SI message time removed in milliseconds

Displays the relative system runtime in milliseconds when the safety message Checksum: Protection level:
was removed. -- 3
See also r9744, r9747, r9748, r7949, p9752, r9753, r9754, r9756, p9759
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms -- -- -- Unsigned32 --

r9756[0...63] SI message time removed in days

Displays the relative system runtime in days when the safety message was Checksum: Protection level:
removed. -- 3
See also r9744, r9747, r9748, r7949, p9752, r9753,r9754, r9755, p9759
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
days -- -- -- Unsigned16 --

p9761 SI password input

Enters the Safety Integrated password. Checksum: Protection level:
See also: F01659 No 3
It is not permissible to change Safety Integrated parameter settings until the
Safety Integrated password has been entered.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 hex 0000 hex FFFF FFFF hex Unsigned32 immediately

p9762 SI new password

Enters a new Safety Integrated password. Checksum: Protection level:
If the Safety Integrated password is changed it must be acknowledged in the No 3
following parameter:
See also: p9763
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 hex 0000 hex FFFF FFFF hex Unsigned32 immediately

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-473
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9763 SI password acknowledgment

Acknowledges the new Safety Integrated password. The new password Checksum: Protection level:
entered into p9762 must be re--entered in order to acknowledge. After success- No 3
fully acknowledged, the new Safety Integrated password is set with
p9762=p9763=0.
See also: p9762
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 hex 0000 hex FFFF FFFF hex Unsigned32 immediately

r9770[0...3] SI version drive--integrated safety functions (Control Unit)

Displays the Safety Integrated version for the drive--integrated safety functions Checksum: Protection level:
on the Control Unit. No 3
Index 0: Safety Version (major release)
Index 1: Safety Version (minor release)
Index 2: Safety Version (baselevel or patch)
Index 3 = Safety Version (hotfix)
See also: r9870, r9890
Example:
r9770[0] = 2, r9770[1] = 60, r9770[2] = 1, r9770[3] = 0
----> Safety version V02.60.01.00
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned16 --

© Siemens AG 2015 All Rights Reserved

8-474 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r9771 SI common functions (Control Unit)

Displays the Safety Integrated monitoring functions supported on the Control Checksum: Protection level:
Unit and Motor Module. No 3
The Control Unit determines this display.
Bit 00: STO via terminals is supported
1 signal: Yes, 0 signal: No
Bit 01: SBC supported
1 signal: Yes, 0 signal: No
Bit 02: SS1 delay time active on the control unit active
1 signal: Yes, 0 signal: No
Bit 03: SS1 supported
1 signal: Yes, 0 signal: No
Bit 08: 08 Safe Brake Adapter supported
1 signal: Yes, 0 signal: No
Bit 13: ESR delay of the pulse cancellation supported
1 signal: Yes, 0 signal: No
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

r9773.0...31 CO/BO: SI Status (Control Unit + Hydraulic Module)

Displays the Safety Integrated status on the drive (Control Unit + Motor Mo- Checksum: Protection level:
dule). No 2
Bit 00: STO selected in the drive 1 signal: Yes, 0 signal: No
Bit 01: STO active in the drive 1 signal: Yes, 0 signal: No
Bit 02: SS1 active in the drive 1 signal: Yes, 0 signal: No
Bit 04: SBC requested 1 signal: Yes, 0 signal: No
Bit 05: SS1 selected in the drive 1 signal: Yes, 0 signal: No
Bit 06: SS1 active in the drive 1 signal: Yes, 0 signal: No
Bit 31: Shutdown path test required 1 signal: Yes, 0 signal: No
This status is formed from the AND operation of the relevant status of the two
monitoring channels.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-475
Data Description 10/15
8.2 Parameters for SINAMICS S120

r9774.0...31 CO/BO: SI Status (group STO)

Displays the status for Safety Integrated of the group to which this drive Checksum: Protection level:
belongs. This signals are an AND logic operation of the individual status signals No 2
of the drives included in this group
Bit 00: STO selected in the group
1 signal: Yes, 0 signal: No
Bit 01: STO active in the group
1 signal: Yes, 0 signal: No
Bit 02: SS1 active in the group
1 signal: Yes, 0 signal: No
Bit 04: SBC requested in the group
1 signal: Yes, 0 signal: No
Bit 05: SS1 selected in group
1 signal: Yes, 0 signal: No
Bit 06: SS1 active in the group
1 signal: Yes, 0 signal: No
Bit 31: Shutdown paths of the group must be tested
1 signal: Yes, 0 signal: No
See also: p9620, r9773
If a drive belonging to a group is deactivated using p0105, then the signals in
r9774 can no longer be correctly displayed (countermeasure: Before deacti-
vating, remove this drive from the group).
A group is formed by appropriately grouping the terminals for the function ”Safe
torque off” (STO). The status of a group of n drives is, for drives 1 to n--1
displayed with a delay of one monitoring clock cycle; this is a system--related
effect.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

r9776 SI diagnostics
The parameter is used for diagnostics. Checksum: Protection level:
Bit 00: safety parameter changed, POWER ON required No 3
1 signal: Yes, 0 signal: No
Bit 01: safety functions enabled
1 signal: Yes, 0 signal: No
Bit 02: safety component replaced and save necessary
1 signal: Yes, 0 signal: No
Bit 03: safety component replaced and acknowledgment/save required
1 signal: Yes, 0 signal: No
See also: r9793
Note:
For bit 00 = 1:
At least one safety parameter was changed, that only becomes effective after a
POWER ON.
For bit 01 = 1:
Safety functions (basic functions or extended functions) have been enabled
and are effective.
For bit 02 = 1:
A safety--relevant component was replaced. Must be saved (p0977 = 1 or
p0971 = 1 or ”Copy RAM to ROM”).
For bit 03 = 1:
a safety--relevant component was replaced. Acknowledgment (p9702 = 29) and
save (p0977 = 1 or p0971 = 1 or ”Copy RAM to ROM”) required.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

8-476 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r9780 SI monitoring cycle (Control Unit)

Displays the clock cycle time for the Safety Integrated Basic Functions on the Checksum: Protection level:
Control Unit. No 3
The SI monitoring clock cycle cannot be parameterized for STO/SBC/SS1. It is
permanently specified in the software and displayed in r9780.
See also: r9880
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms -- -- -- Floating Point32 --

r9781[0...1] SI change monitoring checksum (Control Unit)

Displays the checksum for change tracking for Safety Integrated. Checksum: Protection level:
These are additional parameters, which are generated and used to track 3
changes (fingerprints for the function ”Safety Logbook”) to Safety parameters
(that are relevant for checksums).
[0] = SI change tracking, checksum functional
[1] = SI change tracking checksum, hardware dependent
See also: p9601, p9729, p9799 and F01690
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- Unsigned32 --

r9782[0...1] SI change monitoring time stamp (Control Unit)

Displays the time stamp for the checksums for tracking changes to Safety Checksum: Protection level:
Integrated. 3
The time stamps for the checksums for tracking changes (fingerprint for the
”safety logbook” functionality) at safety parameters were saved in parameters
p9781[0] and p9781[1].
[0] = SI change tracking, time stamp checksum functional
[1] = SI change tracking time stamp checksum, hardware dependent
See also: p9601, p9729, p9799 and F01690
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
h -- -- -- Floating Point32 --

r9794[0...19] SI crosswise comparison list (Control Unit)

Displays the number of the data that are being presently compared crosswise Checksum: Protection level:
on the Control Unit. No 3
The list of crosswise compared data depends on the particular application.
See also: r9894
Example:
r9794[0] = 1 (monitoring clock cycle)
r9794[1] = 2 (enable safety--related functions)
r9794[2] = 3 (F--DI changeover, tolerance time)
...
The complete list of numbers for the crosswise compared data is listed in fault
F01611.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned16 --

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-477
Data Description 10/15
8.2 Parameters for SINAMICS S120

r9795 SI diagnostics STOP F (Control Unit)

Displays the number of the cross--checked data which has caused STOP F on Checksum: Protection level:
the Control Unit. No 2
See also: r9895 and F01611
The complete list of numbers for the crosswise compared data is listed in fault
F01611.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

r9798 SI actual checksum SI parameters (Control Unit)

Displays the checksum over the checked Safety Integrated parameters on the Checksum: Protection level:
Control Unit (actual checksum). No 3
See also: p9799, r9898
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

p9799 SI reference checksum SI parameters (Control Unit)

Sets the checksum for the checked Safety Integrated parameters on the Checksum: Protection level:
Control Unit (reference checksum). No 3
The actual checksum (r9798) calculated by the CU must be entered into the
reference checksum p9799. This therefore acknowledges the safety com-
missioning on the Control Unit for the basis functions integrated in the drive.
See also: r9798, p9899
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 hex 0000 hex FFFF FFFF hex Unsigned32 When exiting SI--
commissioning

© Siemens AG 2015 All Rights Reserved

8-478 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

Parameters for functions integrated in the drive MM

p9801 SI enable functions integrated in the drive (Motor Module)

Sets the enable signals for the safety functions integrated in the drive and type Checksum: Protection level:
of selection on the Motor Module. Yes 3
Depending on the Control Unit and Motor Module or Power Module being used,
only a selection of the following listed settings is permissible:
0000 hex:
Drive--integrated safety functions inhibited (no safety function).
0001 hex:
Basis functions via onboard terminals are enabled (permissible for r9871.0 = 1).
See also: p9601
Bit 00: Enable STO (SH) via terminals (Motor Module)
1 signal: Enabled, 0 signal: Lock
A change always only becomes effective after POWER ON. Exception:
Changes to p9801.0 become effective immediately.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 0000 bin -- -- Unsigned16 When exiting the
SI--commission-
ing mode

It is permissible to simultaneously enable the safety functions integrated in the

drive (p9601/p9801 < > 0) and the motion monitoring functions (p9501 < > 0).

p9802 SI enable safe brake control (Motor Module)

Sets the enable signal for the ”Safe brake control” function (SBC) on the Motor Checksum: Protection level:
Module. Yes 3
0: Inhibit SBC
1: Enable SBC
See also: p9602
The ”safe brake control” function only becomes active if at least one safety
monitoring function is enabled (i.e. p9501 not equal to 0 and/or p9801 not equal
to 0).
If a motor holding brake is not being used then it does not make any sense to
enable the parameterization ”no motor holding brake available” and ”safe brake
control” (p1215 = 0, p9602 = p9802 = 1).
The parameterization ”motor holding brake the same as sequence control,
connection via BICO” and ”safe brake control” enabled (p1215 = 3, p9602 = 1,
p9802 = 1) does not make sense.
The parameterization ”motor holding brake without feedback signals” and ”safe
brake control” enabled (p1278 = 1, p9602 = 1, p9802 = 1) is not permissible.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 1 Integer32 When exiting the
SI--commission-
ing mode

If p9802 = 1, the holding braking is closed when SH is selected or SI errors occur.

p9602 has priority over p1215.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-479
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9810 SI PROFIsafe address (Motor Module)

Sets the PROFIsafe address of the Motor Module/Hydraulic Module. Checksum: Protection level:
Yes 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 hex 0000 hex FFFE hex Unsigned16 When exiting the
SI--commission-
ing mode

p9821 BI: SI Safe Brake Adapter signal source (Motor Module)

Setting of the signal source for the Safe Brake Adapter (SBA). Checksum: Protection level:
This therefore defines via which digital input the Safe Brake Adapter checkback Yes 3
signal (SBA_DIAG) is read in.
p9621/p9821 = 0:
There is no Safe Brake Control (SBC) with Safe Brake Adapter (SBA)
available.
p9621/p9821 = r0722.x (x = 0, 1 ... 7)
Safe Brake Adapter and booksize unit (no Communication Interface Module
(CIM)).
p9621/p9821 = r9872.3
Safe Brake Adapter and chassis unit(CIM).
See also: p9601, p9602, p9621
For a crosswise data comparison between p9621 and p9821, no difference is
tolerated.
The following must apply when using the ”Safe Brake Adapter” function:
p9601 = p9801 <> 0 and p9602 = p9802 = 1
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned32 When exiting the
SI--commission-
ing mode

p9822[0...1] SI SBA relay wait times (Motor Module)

Setting the wait times for switching on and switching off the Safe Brake Adapter Checksum: Protection level:
relay. Yes 3
The relay--specific minimum wait times to evaluate the feedback signal contacts
must be set. For a relay, these differ when switching on and switching off.
[0] = wait time, switching on
[1] = wait time, switching off
See also: p9622
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle (r9780/r9880).
For index 0:
Wait time switch on = drop--out time + bounce time NO contact + effect of the
freewheeling diode in the Safe Brake Adapter
For index 1:
Wait time switch off = response time + bounce time NC contact + effect of the
freewheeling diode in the Safe Brake Adapter
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
μs [0] 100000.00 -- -- Floating Point32 When exiting the
[1] 65000.00 SI--commission-
ing mode

© Siemens AG 2015 All Rights Reserved

8-480 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p9825[0...1] SI HLA shutoff valve wait time (MM)

Sets the wait times for switching on and switching off the shutoff valve. Checksum: Protection level:
The valve--specific minimum wait times to evaluate the feedback signal Yes 3
contacts must be set.
[0] = wait time, switching on
[1] = wait time, switching off
See also: p9625
Notice:
This parameter is overwritten by the copy function of the safety functions
integrated in the drive.
Note: The set time is internally rounded off to an integer multiple of the
monitoring clock cycle (r9780/r9880).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
μs [0] 250000.00 0.00 2000000.00 Floating Point32 When exiting the
[1] 250000.00 SI--commission-
ing mode

p9826 SI HLA shutoff valve feedback contacts configuration (MM)

Sets the feedback signal contacts of the shutoff valve to be monitored. Checksum: Protection level:
The sensors for the feedback signals of the shutoff valves are connected via Yes 3
X281/X282.
0: NC contact/NO contact (NC/NO)
1: NC contact / NC contact (NC/NC)
2: NO contact/NO contact (NO/NO)
4: Normally closed contact (NC)
5: Normally open contact (NO)
See also: p9626
Notice:
This parameter is overwritten by the copy function of the safety functions
integrated in the drive.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
μs [0] 250000.00 0.00 2000000.00 Floating Point32 When exiting the
[1] 250000.00 SI--commission-
ing mode

p9850 SI SGE switchover discrepancy time (Motor Module)

Sets the discrepancy time to changeover the safety--related inputs (SGE) on Checksum: Protection level:
the Motor Module/Hydraulic Module. Yes 3
Because of the different runtimes of the two monitoring channels, an SIS
switchover is not effective at the same time. After an SGE switchover, a cross--
comparison of the dynamic data is not carried out during this discrepancy time.
For a crosswise data comparison between p9650 and p9850, a difference of
one safety monitoring clock cycle is tolerated.
The parameterized time is internally rounded--off to an integer multiple of the
monitoring clock cycle.
See also: p9650
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
μs 500000.00 0.00 2000000.00 Floating Point32 When exiting the
SI--commission-
ing mode

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-481
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9851 SI STO/SBC/SS1 debounce time (Motor Module)

Setting of the debounce time for the EP terminal of the Motor Module. Checksum: Protection level:
The debounce time is rounded--off to whole milliseconds. It specifies the maxi- Yes 3
mum duration of a fault pulse at the fail--safe digital inputs with no associated
reaction on the selection or deselection of the Safety Basic functions.

Example:
Debounce time = 1 ms: Interference pulses of 1 ms are filtered, only pulses
longer than 2 ms are processed.
Debounce time = 3 ms: Interference pulses of 3 ms are filtered, only pulses
longer than 4 ms are processed.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
μs 0.00 0.00 1 000 0.00 Floating Point32 When exiting the
SI--commission-
ing mode

p9852 SI Safe Stop 1 delay time (Motor Module)

Sets the delay time of the pulse cancellation for the function ”Safe Stop 1” Checksum: Protection level:
(SS1) on the Motor Module to brake along the OFF3 down ramp (p1135). Yes 3
So that the drive is able to travel along the OFF3 ramp completely and any
motor holding brake present can be applied, the delay time should be set as
follows:
Motor holding brake parameterized: Delay time >= p1135 + p1228 + p1217
Motor holding brake not parameterized: Delay time >= p1135 + p1228
Also refer to: p1135, p9652
For a crosswise data comparison between p9652 and p9852, a difference of
one safety monitoring clock cycle is tolerated.
The parameterized time is internally rounded--off to an integer multiple of the
monitoring clock cycle.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 0 0 300000.00 Floating Point32 When exiting the
SI--commission-
ing mode

p9858 SI transition time STOP F to STOP A (Motor Module)

Sets the transition period from STOP F to STOP A on the Motor Module/ Checksum: Protection level:
Hydraulic Module. Yes 3
See also: p9658, r9895 and F30611
For a crosswise data comparison between p9658 and p9858, a difference of
one safety monitoring clock cycle is tolerated.
The parameterized time is internally rounded--off to an integer multiple of the
monitoring clock cycle.
STOP F: Defect in a monitoring channel (error in the CDC)
STOP A: STO as a result of a fault identified by Safety Integrated
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
μs 0 0 30 000 000.00 Floating Point32 When exiting the
SI--commission-
ing mode

© Siemens AG 2015 All Rights Reserved

8-482 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r9870[0...3] SI version drive--based safety functions (Motor Module)

Displays the Safety Integrated version for the drive--integrated safety functions Checksum: Protection level:
on the Motor Module/Hydraulic Module. No 3
[0]: Safety Version (major release)
[1]: Safety Version (minor release)
[2]: Safety Version (baselevel or patch)
[3] = Safety Version (hotfix)
See also: r9770, r9890
Example:
r9870[0] = 2, r9870[1] = 60, r9870[2] = 1, r9870[3] = 0
----> Safety version V02.60.01.00
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned16 --

r9871 SI common functions (Motor Module)

Displays the Safety Integrated monitoring functions supported on the Control Checksum: Protection level:
Unit and Motor Module. No 3
The Motor Module/Hydraulic Module determines this display.
Bit 00: STO via terminals is supported
1 signal: Yes, 0 signal: No
Bit 01: SBC is supported
1 signal: Yes, 0 signal: No
Bit 02: Extended Functions supported (p9501 > 0)
1 signal: Yes, 0 signal: No
Bit 03: SS1 supported
1 signal: Yes, 0 signal: No
Bit 08: Safe Brake Adapter Supported
1 signal: Yes, 0 signal: No
Bit 13: ESR delay of the pulse cancellation supported
1 signal: Yes, 0 signal: No
See also: r9771
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-483
Data Description 10/15
8.2 Parameters for SINAMICS S120

r9872.0...24 CO/BO: SI status (Motor Module)

Displays the Safety Integrated status on the Motor Module/Hydraulic Module. Checksum: Protection level:
Bit 00: STO selected on the Motor Module No 2
1 signal: Yes, 0 signal: No
Bit 01: STO active on the Motor Module
1 signal: Yes, 0 signal: No
Bit 02: SS1 delay time active on the Motor Module
1 signal: Yes, 0 signal: No
Bit 03: Safe Brake Adapter feedback signal
1 signal: High, 0 signal: low
Bit 04: SBC requested
1 signal: Yes, 0 signal: No
Bit 05: SS1 selected on Motor Module
1 signal: Yes, 0 signal: No
Bit 06: SS1 active on Motor Module
1 signal: Yes, 0 signal: No
Bit 07: STO terminal state on the Motor Module
(Basic Functions)
1 signal: Yes, 0 signal: No
Bit 09: STOP A cannot be acknowledged active
1 signal: Yes, 0 signal: No
Bit 10: STOP A active
1 signal: Yes, 0 signal: No
Bit 15: STOP F active
1 signal: Yes, 0 signal: No
Bit 16: STO cause, safety commissioning mode
1 signal: Yes, 0 signal: No
Bit 17: STO cause, selection via terminal
1 signal: Yes, 0 signal: No
Bit 18: STO cause, selection via SSM
1 signal: Yes, 0 signal: No
Bit 22: SS1 cause, selection terminal
1 signal: Yes, 0 signal: No
See also: r9772
If communication is interrupted between the Control Unit and Motor Module
(e.g. by switching--off the Motor Module), then this display parameter is no
longer updated. The last transferred status of the Motor Module is displayed.
Re bit 00:
When STO is selected, the cause is displayed in bits 16 ... 21.
Re: bit 05: When SS1 is selected, the cause is displayed in bits 22 and 23.
Re: bit 18: When the bit is set, STO is selected via PROFIsafe.
For bit 22: This bit indicates via which path SS1 was initiated, i.e. who started
the SS1 delay time. If the SS1 delay time is not started (e.g. because an STO is
simultaneously initiated), then the bit is not set.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

r9880 SI monitoring cycle (Motor Module)

Displays the clock cycle time for the Safety Integrated Basic Functions on the Checksum: Protection level:
Motor Module/Hydraulic Module. No 3
See also: r0110, p0115, r9780
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms -- -- -- Floating Point32 --

© Siemens AG 2015 All Rights Reserved

8-484 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

r9881[0...11] SI Motion Sensor Module Node Identifier second channel

Displays the Node Identifier of the Sensor Module that is used by the second Checksum: Protection level:
channel for the motion monitoring functions. No 3
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned8 --

r9890[0...2] SI version (Sensor Module)

Displays the Safety Integrated version on the Sensor Module. Checksum: Protection level:
[0]: Safety Version (major release) No 3
[1]: Safety Version (minor release)
[2]: Safety Version (baselevel or patch)
See also: r9770, r9870
Example:
r9890[0]=2, r9890[1]=3, r9890[2]=1----> Safety Version V02.03.01
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned16 --

r9894[0...19] SI crosswise comparison list (Motor Module)

Displays the number of the data that are being presently compared crosswise Checksum: Protection level:
on the Motor Module/Hydraulic Module. No 3
The list of crosswise compared data depends on the particular application.
See also: r9794
Example:
r9894[0] = 1 (monitoring clock cycle)
r9894[1] = 2 (enable safety--related functions)
r9894[2] = 3 (SGE changeover, tolerance time)
r9894[3] = 4 (transition time, STOP F to STOP A)
...
The complete list of numbers for the crosswise compared data is listed in fault
F30611.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned16 --

r9895 SI diagnostics STOP F (Motor Module)

Displays the number of the cross--checked data which has caused STOP F on Checksum: Protection level:
the Motor Module/Hydraulic Module. No 2
See also: r9795 and F30611
The complete list of numbers for the crosswise compared data is listed in fault
F30611.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-485
Data Description 10/15
8.2 Parameters for SINAMICS S120

p9897 SI Motion bus failure STO delay time (Motor Module)

Sets the delay time for STO after bus failure on the Motor Modules/Hydraulic Checksum: Protection level:
Module (e.g. used for ESR). Yes 3
This parameter is overwritten by the copy function of the safety functions
integrated in the drive.
Rounding--off effects can occur in the last decimal places of the parameterized
time. The set time
is internally rounded off to an integer multiple of the monitoring clock cycle
(p9500/p9300).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
μs 0 0 800 000 Real32 When exiting the
SI--commission-
ing mode

r9898 SI actual checksum SI parameters (Motor Module)

Displays the checksum for the checked Safety Integrated parameters on the Checksum: Protection level:
Motor Module/Hydraulic Module (actual checksum). No 3
See also: r9798, p9899
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 --

p9899 SI reference checksum SI parameters (Motor Module)

Sets the checksum using the checksum--checked Safety Integrated para- Checksum: Protection level:
meters on the Motor Module/Hydraulic Module (reference checksum). No 3
See also: p9799, r9898
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0000 hex 0000 hex FFFF FFFF hex Unsigned32 When exiting the
SI--commission-
ing mode

The actual checksum (r9898) calculated by the MM must be entered into the
reference checksum p9899. This therefore acknowledges the safety commission-
ing on the Motor Module.

p10201 SI Motion SBT enable

Setting to enable the safe brake test. Checksum: Protection level:
Bit 00: Enables the safe brake test Yes 3
1 signal: yes, 0 signal: No
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-486 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p10202[0...1] SI Motion SBT brake selection

Selecting the brake to be tested Checksum: Protection level:
0: Lock Yes 3
1: Testing the motor holding brake
2: Test external brake
[0] = brake 1
[1] = brake 2
See also: p10203, p10230, p10235
See also: A01785
Note:
It is not possible to test two motor holding brakes. A corresponding message is
issued if incorrectly parameterized.
The brake to be tested is selected using p10230[2] or p10235.2.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 2 Integer16 POWER ON

p10203 SI Motion SBT control selection

Selects the control of the safe brake test. Checksum: Protection level:
0: SBT via SCC (p10235) Yes 3
1: SBT via BICO (p10230)
2: SBT for test stop selection (p9705/p10250.8)
See also: p9705, p10230, p10235, p10250
Note:
SCC: Safety Control Channel
For value = 2, the following applies:
Brake 1 is tested with sequence 1 (p10210[0], p10211[0], p10212[0], p10218).
Brake 1 must be configured as motor holding brake (p10202[0] = 1).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 2 Integer16 POWER ON

p10204 SI Motion SBT motor type

Selecting the motor type for the safe brake test Checksum: Protection level:
0: Rotary Yes 3
1: Linear
See also: F01787
Note:
The following applies to safety--related functions that have not been enabled
(p9501 = 0):
-- when booting p10204 is automatically set the same as r0108.12
The following applies for an enabled safe brake test (10201.0 = 1):
-- when booting, a check is made that p10204 matches r0108.12.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 1 Integer16 POWER ON

p10208[0...1] SI Motion SBT test torque ramp time

Sets the time in which the test torque is ramped up against the closed brake. Checksum: Protection level:
After the safe brake test, the test torque is ramped--down again. Yes 3
0: Brake 1
1: Brake 2
Note:
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 1000 20 10000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-487
Data Description 10/15
8.2 Parameters for SINAMICS S120

p10209[0...1] SI Motion SBT brake holding torque

Sets the effective holding torque on the motor side of the brake to be tested. Checksum: Protection level:
0: Brake 1 Yes 3
1: Brake 2
The holding torque of an external brake should be converted over to the motor
side.
Conversion factor:
-- motor type = rotary and axis type = linear: p9522 / (p9521 x p9520)
-- otherwise: p9522 / p9521
Further, the efficiency of the mechanical system must be taken into considera-
tion.
See also: p10210, p10220
Note:
The test torque effective for the brake test can be set for each sequence using
a factor (p10210, p10220).
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
Nm 10.00 1.0 60000.00 Floating Point32 POWER ON

p10210[0...1] SI Motion SBT test torque factor sequence 1

Sets the factor for the test torque of sequence 1 for the safe brake test. Checksum: Protection level:
The factor is referred to the brake holding torque (p10209). Yes 3
0: Brake 1
1: Brake 2
See also: p10209, p10235
Note:
The test sequence is selected using p10230[4] or p10235.4.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 1.00 0.30 1.00 Floating Point32 POWER ON

p10211[0...1] SI Motion SBT test duration sequence 1

Sets the test duration for sequence 1 for the safe brake test. Checksum: Protection level:
The test torque is applied to the closed brake for this time. Yes 3
0: Brake 1
1: Brake 2
See also: p10230, p10235
Note:
The test sequence is selected using p10230[4] or p10235.4.
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 1000 20 10000 Floating Point32 POWER ON

p10212[0...1] SI Motion SBT position tolerance sequence 1

Sets the tolerated position deviation for sequence 1 for the safe brake test. Checksum: Protection level:
0: Brake 1 Yes 3
1: Brake 2
See also: p10230, p10235
Note:
The test sequence is selected using p10230[4] or p10235.4.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm 1.000 0.001 360.000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-488 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p10218 SI Motion SBT test torque sign

Sets the sign for the test torque for the safe brake test. Checksum: Protection level:
This parameter is only applicable for ”SBT for test stop selection” (p10203 = 2). Yes 3
0: Positive
1: Negative
See also: p10203
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 0 1 Integer16 POWER ON

p10220[0...1] SI Motion SBT test torque factor sequence 2

Sets the factor for the test torque of sequence 2 for the safe brake test. Checksum: Protection level:
The factor is referred to the brake holding torque (p10209). Yes 3
0: Brake 1
1: Brake 2
See also: p10209, p10230, p10235
The test sequence is selected using p10230[4] or p10235.4.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 1.00 0.30 1.00 Floating Point32 POWER ON

p10221[0...1] SI Motion SBT test duration sequence 2

Sets the test duration for sequence 2 for the safe brake test. Checksum: Protection level:
The test torque is applied to the closed brake for this time. Yes 3
0: Brake 1
1: Brake 2
See also: p10209, p10230, p10235
The test sequence is selected using p10230[4] or p10235.4.
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
ms 1000 20 10000 Floating Point32 POWER ON

p10222[0...1] SI Motion SBT position tolerance sequence 2

Sets the test duration for sequence 2 for the safe brake test. Checksum: Protection level:
The test torque is applied to the closed brake for this time. Yes 3
0: Brake 1
1: Brake 2
See also: p10209, p10230, p10235
The test sequence is selected using p10230[4] or p10235.4.
The set time is internally rounded off to an integer multiple of the monitoring
clock cycle.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
mm 1.000 0.001 360.000 Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-489
Data Description 10/15
8.2 Parameters for SINAMICS S120

p10230[0...5] SI IMotion SBT control word

Sets the signal sources for the safe brake test control word. Checksum: Protection level:
This parameter is only applicable for ”SBT via BICO” (p10203 = 1). Yes 3
[0] = select brake test
[1] = start brake test
[2] = select brake
[3] = test torque select sign
[4] = select test sequence
[5] = external brake status
Note
For BI: p10230[0]:
0/1 signal: Select the brake test.
0 signal: inactive.
For BI: p10230[1]:
0/1 signal: Start brake test.
For BI: p10230[2]:
1 signal: Select brake 2.
0 signal: Select brake 1.
For BI: p10230[3]:
1 signal: select negative test torque.
0 signal: select positive test torque.
For BI: p10230[4]:
1 signal: Select test sequence 2.
0 signal: select test sequence 1.
For BI: p10230[5]:
1 signal: External brake closed.
0 signal: External brake open.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned32/ POWER ON
Binary

r10231 SI Motion SBT control word diagnostics

Display of the diagnostic bits for the safe brake test control word. Checksum: Protection level:
Bit signal name Yes 3
00 select brake test
1 signal: Yes, 0 signal: No
01 start brake test
1 signal: Yes, 0 signal: No
02 select brake
1 signal: Brake 2, 0 signal: Brake 1
03 test torque select sign
1 signal: Negative, 0 signal: Positive
04 select test sequence
1 signal: test sequence 2, 0 signal: test sequence 1
05 external brake status
1 signal: Closed, 0 signal: Open
See also: p10203
The bits show the actual control signals of the control set in p10203.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-490 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p10234.0...15 CO/BO: SI Safety Info Channel status word S_ZSW3B

Display and BICO output for status word S_ZSW3B of the Safety Info Channel. Checksum: Protection level:
Bit signal name Yes 3
00 brake test selected
1 signal: Yes, 0 signal: No
01 setpoint input drive/external
1 signal: Drive, 0 signal: External
02 active brake
1 signal: Brake 2, 0 signal: Brake 1
03 brake test active
1 signal: Yes, 0 signal: No
04 brake test result
1 signal: Successful, 0 signal: Erroneous
05 brake test completed
1 signal: Yes, 0 signal: No
06 external brake request
1 signal: Close, 0 signal: Open
07 actual load sign
1 signal: Negative, 0 signal: Positive
14 acceptance test SLP (SE) active
1 signal: Yes, 0 signal: No
15 acceptance test mode selected
1 signal: Yes, 0 signal: No
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 POWER ON

p10235 CI: SI Safety Control Channel control word S_STW3B

Sets the signal source for control word S_STW3B of the Safety Control Chan- Checksum: Protection level:
nel. Yes 3
This parameter is only used as control word for the safe brake test only for
”SBT via SCC” (p10203 = 0).
See also: p10203
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned32 / POWER ON
Integer16

r10240 SI Motion SBT load torque diagnostics

Displays the load torque for the safe brake test. Checksum: Protection level:
This load torque is available at the drive when initializing the brake test. Yes 3
Note
The displayed value is kept until the brake test is deselected.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
Nm -- -- -- Floating Point32 POWER ON

r10241 SI Motion SBT load force diagnostics

Displays the load force for the safe brake test. Checksum: Protection level:
This load force is available at the drive when initializing the brake test. Yes 3
Note
The displayed value is kept until the brake test is deselected.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
N -- -- -- Floating Point32 POWER ON

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-491
Data Description 10/15
8.2 Parameters for SINAMICS S120

r10242 SI Motion SBT state diagnostics

Displays the current status of the safe brake test. Checksum: Protection level:
0: Brake test inactive, wait until SBT is selected Yes 3
1: Setpoint input drive
2: Determining the load
3: Brake test is initialized, wait for test sequence start
4: Start test sequence
5: Close the brake, establish the test torque
6: Brake test active, wait until the test has been completed
7: Reduce test torque to zero
8: Wait for the brake to open
9: Brake test successfully completed, wait until start is deselected
10: Change to brake test initialized -- fault acknowledgment
11: Brake test canceled, torque is reduced to zero
12: Brake test canceled, wait for the brake to open
13: Brake test exited with error, wait for acknowledgment
14: Brake opening timer expired
15: Error when initializing the brake test, wait for acknowledgment
16: Change to brake test inactive, acknowledgment active
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- 0 16 Integer16 POWER ON

p10250 CI: SI Safety Control Channel control word S_STW1B

Sets the signal source for control word S_STW1B of the Safety Control Checksum: Protection level:
Channel. Yes 3
See also: p10203,r10251
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 0 -- -- Unsigned32 / POWER ON
Integer16

r10251.8...12 CO/BO: SI Safety Control Channel control word S_STW1B diagnostics

Display and BICO output for the diagnostics of control word S_STW1B of the Checksum: Protection level:
Safety Control Channel. Yes 3
Bit signal name
08 Extended Functions test stop selection
1 signal: Selected, 0 signal: Not selected
09 Extended Functions trigger referencing
1 signal: Selected, 0 signal: Not selected
10 Extended Functions trigger reset
1 signal: Selected, 0 signal: Not selected
Extended Functions premature SOS after STOP D
1 signal: Selected, 0 signal: Not selected
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- -- -- -- Unsigned32 POWER ON

© Siemens AG 2015 All Rights Reserved

8-492 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.2 Parameters for SINAMICS S120

p60122 IF1 PROFIdrive SIC/SCC telegram selection

Sets the telegram for the Safety Info Channel (SIC)/Safety Control Channel Checksum: Protection level:
(SCC) No 3
SIC/SCC telegram p60122 is attached to the PZD telegram p0922/p2079 with
no gaps.
700: Supplementary telegram 700, PZD--0/3
701: Supplementary telegram 701, PZD--2/5
999: Free telegram configuration with BICO
The distance to the PZD telegram can be increased with p2070/p2071 (this
distance is the number of receive words between the end of the PZD telegram
and the start of the SIC/SCC telegram). After changing p0922/p2079 or
p2070/p2071, p60122 must be set again.
The telegram interconnections can only be changed if p60122 and p0922 are
set equal to 999.
Unit: Default value: Minimum value: Maximum value: Data type: Effective:
-- 999 700 999 Integer16 immediately

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-493
Data Description 10/15
8.3 NCK--MD, that are read from Safety Integrated

8.3 NCK--MD, that are read from Safety Integrated

The safety software reads the following NCK machine data. To a large extent,
these machine data are not calculated into the checksums, as they do not have
any direct safety--relevant significance, or as a consequence of changing this data,
the safety--relevant data is changed, which in turn, is calculated into the checksum.

MD MD identifier Use
number
10050 SYSCLOCK_CYCLE_TIME to determine the monitoring clock cycle;
as time basis for position controller based monitoring
times
10060 POSCTRL_SYSCLOCK_TIME_RATIO to distribute the SI monitoring channels to various
position control clock cycles
10070 IPO_SYSCLOCK_TIME_RATIO as time basis for IPO--based monitoring times
30100 CTRLOUT_SEGMENT_NR Defines as to whether a PROFIdrive drive is invol-
ved.
36906 CTRLOUT_MODULE_NR to determine access to the interface to the DRV; to
determine the drive module type
30130 CTRLOUT_TYPE to protect against parameterizing errors
10200 INT_INCR_PER_MM to convert the reference position from the NCK into
the SI computation format (linear axes)
10210 INT_INCR_PER_DEG to convert the reference position from the NCK into
the SI computation format (rotary axes/spindles)
30300 IS_ROT_AX for a plausibility check, rotary axis setting
30230 ENC_INPUT_NR from which encoder data is read using drive parame-
ter r0979
30240 ENC_TYPE to protect against inadmissible measuring functions
34210 ENC_REFP_STATE to protect against inadmissible measuring functions
30330 MODULO_RANGE for plausibility check, modulo values
10360 FASTIO_DIG_NUM_OUTPUTS Determines double assignment of IO modules
10071 IPO_CYCLE_TIME Time basis for IPO--based monitoring times
11500 PREVENT_SYNACT_LOCK SPL protection

© Siemens AG 2015 All Rights Reserved

8-494 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.4 Drive parameters that are read from the NCK--SI

8.4 Drive parameters that are read from the NCK--SI

The following drive parameters are read when the control boots to protect the drive
parameterization, relevant for the safety functions, from being changed.

Parameter No. Meaning Stored in the NCK--MD Alarm when

changing the
MD value
p2003 Reference torque SAFE_BRAKETEST_TORQUE_NORM 27039
r0979[1, 11, 21] 1) Type encoder SAFE_ENC_IS_LINEAR 27036
4)

r0979[2, 12, 22] 1), Encoder resolution SAFE_ENC_GRID_POINT_DIST 27036

4), 5)
SAFE_ENC_RESOL 2)
r0979[3, 13, 23] 1) Shift factor XIST1 SAFE_ENC_PULSE_SHIFT 27036
4), 5)

r9744 Message buffer -- 3) --

changes counter
r9747[0] Message code -- 3) --
r9748[0] Message time, -- 3) --
received
r9749[0] Message value -- 3) --
p9810 PROFIsafe address SAFE_DRIVE_PS_ADDRESS 27035
r9881[0...11] Sensor Module Node SAFE_ENC_IDENT 27035
Identifier
r0469[0,1,2] 1), 4), Resolution measuring SAFE_ENC_MEAS_STEPS_RESOL 27036
5) steps for linear abso-
lute encoders
r0470[0,1,2] 1), 4), Valid bits of the redun- SAFE_ENC_NUM_BITS[0] 27035
5) dant coarse position
value
r0471[0,1,2] 1), 4), Fine resolution of the SAFE_ENC_NUM_BITS[1] 27035
5) redundant coarse
position value
r0472[0,1,2] 1), 4), Relevant bits of the SAFE_ENC_NUM_BITS[2] 27036
5) redundant coarse
position value
r0473[0,1,2] 1), 4), Non--safety--related SAFE_ENC_MEAS_STEPS_POS1 27036
5) measuring steps posi-
tion value POS1.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-495
Data Description 10/15
8.4 Drive parameters that are read from the NCK--SI

Parameter No. Meaning Stored in the NCK--MD Alarm when

changing the
MD value
r0474[0,1,2] 1), 4), Configuration of the SAFE_ENC_CONF 27035
5) redundant coarse
position value
Bit 0: Count direction,
up/down
Bit 1: CRC 16: LSB/
MSB first
Bit 2: MSB/LSB justi-
fied
r0475[0,1,2] 1), 4), Safety MSB of the SAFE_ENC_NUM_BITS[3] 27036
5) redundant coarse
position value
r9527 5) Encoder evaluation SAFE_ENC_MOD_TYPE 27035
type
1) Which parameter indices are read depends on which encoder was selected using MD
$MA_SAFE_ENC_INPUT_NR.
2) In which MD the value is saved, depends on the selected encoder type. Setting is made using MD
$MC_SAFE_ENC_IS_LINEAR.
3) These parameters are not mapped in NCK--MD, but in Alarm 27900 and correspondingly alarm
parameters changed over.
4) These parameters are only evaluated if the encoder parameterization is valid.
5) If the drive parameter violates the internal limits of the associated NCK--MDs, then Alarm 27038 ”Axis %1
value %2 in drive parameter %3 violates the limits of NCK--MD %4” is output, and the value is not
transferred into the NCK--MD.

© Siemens AG 2015 All Rights Reserved

8-496 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.5 Protection checksum

8.5 Protection checksum

Checksums are generated using this MD in order to detect falsification of the SI--
relevant machine data checked in the acceptance test.
In order to provide users with the most accurate information as possible about the
area of the safety relevant parameterization in which a discrepancy has occurred
between the reference and actual checksum, the machine data and the associated
checksums are subdivided into:
S Machine data that are parameterized using the axis--specific SI functionality
(refer to Chapter. 8.1.1)
=> $MA_SAFE_ACT_CHECKSUM[0...2]
S Machine data that are parameterized using the general and NCK--specific SI
functionality (refer to Chapter. 8.1.1)
=> $MN_SAFE_GLOB_ACT_CHECKSUM[0...3]
There are machine data fields, which are independent of one another, for these
two machine data groups, in which the checksums are saved.
These two groups are subdivided into various machine data, which in turn are used
to calculate independent checksums. Each checksum change is displayed with its
own alarm message. This means that using the alarm number alone, the user can
identify which function area should be especially carefully assessed in the sub-
sequently required function or acceptance test.
Modular machine concepts are supported by this distribution.
The value of the checksums $MN_SAFE_GLOB_ACT_CHECKSUM[0...3] and
$MA_SAFE_ACT_CHECKSUM[0...2] is re--calculated for various events:
S When the control boots
S Machine control panel reset
S PI service ”_N_CRCSMD”
A comparison between the MD values $MN_SAFE_GLOB_ACT_CHECK-
SUM[0...3] / $MA_SAFE_ACT_CHECKSUM[0...2] and the expected values for the
checksums in MD $MN_SAFE_GLOB_DES_CHECKSUM[0...3] /
$MA_SAFE_DES_CHECKSUM[0...2] is only performed when the control boots, a
discrepancy between the values is displayed using one of the alarms mentioned
below.
In this case, it is necessary to confirm the actual checksum by copying this value
into MD $MN_SAFE_GLOB_DES_CHECKSUM[0...3] /
$MA_SAFE_DES_CHECKSUM[0...2] and rebooting the control.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-497
Data Description 10/15
8.6 Interface signals

8.6 Interface signals

General information
The safety--related input and output signals (SGE and SGA) are signals that are
sent to and received from the system through two channels.

Warning
! A STOP F (displayed using Alarms 27001, 27101 and onwards or F01711) only
results in a subsequent STOP B/A response, if at least one of the safety--related
functions SBH, SG, SE, SN or n<nx synchronization is active or selected. If only
the function ”n < nx” is active, then a STOP F does not result in a subsequent
STOP B/A response.
This means that if ”n < nx” is used as a safety function, then at least one of the
SBH, SG, SE or SN functions must be active or selected (e.g. by selecting a high
SG level).

Note
The SGE/SGA in the drive monitoring channel are mapped in an area of the
NC/PLC interface (signals to/from the drive) and must be supplied in the PLC user
program.
As a result of the two--channel structure of Safety Integrated, the machine
manufacturer must supply the SGE and SGA in both the NCK monitoring channel
and the drive monitoring channel.
Unused SGEs must be set to a defined state.

© Siemens AG 2015 All Rights Reserved

8-498 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

8.6.1 Interface signals for SINUMERIK 840D sl

Table 8-3 Interface signals for 840D sl

DB 31... Signals from/to the drive

Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
... ...
... ...
... ...
DBB 22 SG selection Acknow- SBH SBH/SG
ledgment, Deselec- Deselec-
communi- ti
tion ti
tion
Bit 1 Bit 0 cation
failure
DBB 23 Test stop
p Close SE Gear ratio selection
Selection b k
brake Selection Bit 2 Bit 1 Bit 0
SGE (signals to the drive)
DBB 32 Deselect Deselect Deselect Deselect
ext
ext. ext
ext. ext
ext. ext
ext.
STOP_E STOP_D STOP_C STOP_A
DBB 33 SG correction selection / override
Bit 3 Bit 2 Bit 1 Bit 0
DBB 34 Reserved Reserved Setpoint Setpoint
limiting limiting
bit 1 bit 0
DBB 70 NCK
Safety
Integrated
active
... ...
... ...
... ...
DBB 108 Axis safely Communi- Fault data ”Pulses Communi- SBH/SG
referenced cation transfer cancelled” cation active
failure not status failure
acknowl-
edged
DBB 109 SN4 -- SN4 + SN3 -- SN3 + SN2 -- SN2 + SN1 -- SN1 +
Cam signals of the plus and minus cams
Cam position
DBB 110 n < nx SG active SBH active
Bit 1 Bit 0
DBB 111 STOP_E STOP_D STOP_C STOP_A/B
active active active active
DBB 112 Cam range for cam track 1

DBB 113 Cam range for cam track 2

DBB 114 Cam range for cam track 3

DBB 115 Cam range for cam track 4

DBB 116

DBB 117 Cam track Cam track Cam track Cam track
4 3 2 1

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-499
Data Description 10/15
8.6 Interface signals

Cam track 1
DBB 118 Cam 8 Cam 7 Cam 6 Cam 5 Cam 4 Cam 3 Cam 2 Cam 1
Cam track 1
DBB 119 Cam 15 Cam 14 Cam 13 Cam 12 Cam 11 Cam 10 Cam 9
Cam track 2
DBB 120 Cam 8 Cam 7 Cam 6 Cam 5 Cam 4 Cam 3 Cam 2 Cam 1
Cam track 2
DBB 121 Cam 15 Cam 14 Cam 13 Cam 12 Cam 11 Cam 10 Cam 9
Cam track 3
DBB 122 Cam 8 Cam 7 Cam 6 Cam 5 Cam 4 Cam 3 Cam 2 Cam 1
Cam track 3
DBB 123 Cam 15 Cam 14 Cam 13 Cam 12 Cam 11 Cam 10 Cam 9
Cam track 4
DBB 124 Cam 8 Cam 7 Cam 6 Cam 5 Cam 4 Cam 3 Cam 2 Cam 1
Cam track 4
DBB 125 Cam 15 Cam 14 Cam 13 Cam 12 Cam 11 Cam 10 Cam 9
Note:
DB 31 / 32 / 33 ... contains the interface signals for axis/spindle 1 / 2 / 3 ...

8.6.2 Description of the interface signal

Description of the signals to the monitoring channel

SGE, SBH/SG deselection, SBH deselection

The SBH and SG functions are selected/deselected using these signals.

Table 8-4 Selecting/deselecting SBH and SG

SGE
SBH/SG deselection SBH deselection Meaning
=1 x SBH and SG are deselected
=0 =0 SBH is selected
=0 =1 SG is selected
x: Signal state is optional

SGE SG selection, bits 1, 0

By combining these signals when the SG function is activated it is possible to
select the speed limit value for SG1, 2, 3 or 4.

© Siemens AG 2015 All Rights Reserved

8-500 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

Table 8-5 Selecting speed limit values for SGs

SGE
SG selection SG selection Meaning
Bit 1 Bit 0
=0 =0 Speed limit value is selected for SG1
=0 =1 Speed limit value is selected for SG2
=1 =0 Speed limit value is selected for SG3
=1 =1 Speed limit value is selected for SG4

SGE gearbox ratio selection, bits 2, 1, 0

The combination of these signals determines the selected gearbox ratio 1, 2, ... , 8.

Table 8-6 Gear ratio selection

SGE gearbox ratio selection

Bit 2 Bit 1 Bit 0 Meaning

0 0 0 Gearbox stage 1 is selected
0 0 1 Gearbox stage 2 is selected
0 1 0 Gearbox stage 3 is selected
... ...
1 1 1 Gearbox stage 8 is selected

SGE SE selection
When this signal is appropriately activated, and the SE function is activated, either
SE1 or SE2 is selected.
0 signal: SE1 is selected
1 signal: SE2 is selected

SGE SG correction selection/override, bits 3, 2, 1, 0

16 overrides for the limit value of safely reduced speeds 2 and 4 can be defined
using the SGEs. This means that the limit values for SG2 and SG4 can be more
finely graduated.
An override factor of between 1 and 100% can be assigned to the selected
override using the following machine data:
for 840D sl:
MD36932: $MA_SAFE_VELO_OVR_FACTOR[n]
for SINAMICS S120:
p9532[n]: SI Motion, override factor

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-501
Data Description 10/15
8.6 Interface signals

SGE test stop selection

This signal is used to initiate the shutdown path test for the drive monitoring
channel (see Chapter 6.1.1 ”Shutdown paths”).

SGE
1
Test stop selection

Procedure 2
Timer and check
”Test stop running”

Procedure
3
”Cancel pulses”

SGA
”Status pulses are deleted”

1 Pulse cancellation is started by setting the signal (1 PLC cycle).

After the test stop has been started, a timer runs. When the time in the timer has expired,
2
the test stop execution is checked using the SGA ”status, pulses are cancelled”.
3 The system resets the signals.

Figure 8-1 Signal timing for SGE test stop selection

The test stop is also carried out at the same time in the NCK monitoring channel
(see Chapter 6.1.2 ”Testing the shutdown paths”).

Test stop for external STOPs

See Chapter6.3.9 ”Forced checking procedure of the external STOPs”.

SGE deselect ext. STOP A

”Pulse cancellation” can be requested and executed using this SGE.
The safe functions currently active (SG/SBH/SN/SE) are not influenced by this
SGE.
If one of the currently active limits is violated, an appropriate alarm is initiated. The
associated shutdown response cannot be activated because the pulses have
already been cancelled. As soon as the stop request is cancelled via the SGE
”deselect ext. STOP A” any queued shutdown responses become active.
If a stop request is active, SGA ”STOP A/B is active” is set in the same way as it
would be for an internally triggered STOP A.
0 signal: ”Pulse cancellation” is requested
1 signal: ”Pulse cancellation” is not requested

© Siemens AG 2015 All Rights Reserved

8-502 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

SGE deselect ext. STOP C

This SGE requests ”braking with nset = 0” (braking along the OFF3 ramp).
When this stopping type is initiated, the safe acceleration monitoring (SBR) is
activated. In addition, the timer set using MD36952/p9552:
$MA_SAFE_STOP_SWITCH_TIME_C / ”SI Motion transition time STOP C to
SBH” is started.
After this time has elapsed, the system automatically changes over to SBH.
If a stop request is active, SGA ”STOP C is active” is set in the same way as it
would be for an internally triggered STOP C.
0 signal: ”Braking with nset = 0”” is requested
1 signal: no request for ”braking with nset = 0”

Note
Stopping with an external STOP A (pulse cancellation) has a higher priority and
can interrupt an external STOP C (braking along the OFF3 down ramp).

SGE deselect ext. STOP D

”Braking along a path” can be requested using this SGE.
When ext. STOP D is triggered, the timer set using MD36953/p9553
$MA_SAFE_STOP_SWITCH_TIME_D / ”SI Motion transition time STOP D to
SBH” is started.
After this time has elapsed, the system automatically changes over to SBH.
If a stop request is active, SGA ”STOP D is active” is set in the same way as it
would be for an internally triggered STOP D.
0 signal: ”Braking along a path” is requested
1 signal: braking along the path” is not requested

Note
Stopping with an external STOP A (pulse cancellation) and external STOP C
(braking along the OFF 3 down ramp) have a higher priority and can interrupt an
external STOP D (braking along a path).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-503
Data Description 10/15
8.6 Interface signals

SGE deselect ext. STOP E

This SGE can be used to request a stop via the function ”extended stopping and
retraction” (ESR). When an external STOP E is initiated the timer set using
MD36954: $MA_SAFE_STOP_SWITCH_TIME_E / p9554: ”SI Motion transition
time STOP E to SBH” is started.
After this time has elapsed, the system automatically changes over to SBH.
If a stop request is active, SGA ”STOP E is active” is set in the same way as it
would be for an internally triggered STOP E.
0 signal: ”Stop/retraction” is requested
1 signal: ”Stop/retraction” is not requested

Note
Stopping with an ext. STOP A (pulse cancellation), ext. STOP C (braking along
the OFF3 down ramp) and ext. STOP D (braking along a path) have a higher
priority and can interrupt an ext. STOP E.

STOP E only produces a different response than STOP D if the user has con-
figured the ESR function -- extended stop and retract -- and initiation of the ESR is
programmed depending on $VA_STOPSI or $A_STOPESI. If no ESR is active, the
STOP E behaves like a STOP D. However, if the ESR was incorrectly configured,
there is a delay up to the time $MC_ESR_DELAY_TIME1 and $MC_ESR_DE-
LAY_TIME2 compared to STOP D until the braking operation is initiated.
After these times have expired, braking is initiated at the current limit.

Close SGE brake (only the drive)

Using this SGE, a mechanical brake, that is controlled from the drive brake control,
is closed. It is used to check brake closing while testing the mechanical brake
system.
S If this SGE is set, the brake is closed.
S If this SGE is deleted, then the brake assumes the status of the drive brake
control -- i.e. it is not forcibly opened (no positive opening).

Note
This SGE must be connected to the brake control using a BiCo interconnection in
the drive (p0858 to source r9719, bit 13). This connection is parameterized as
standard.

© Siemens AG 2015 All Rights Reserved

8-504 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

”Selection of the velocity setpoint limit” control signals

MD36933: SAFE_DES_VELO_LIMIT contains 4 values.
The selection of one of these values is realized via the axis--specific PLC user
interface DB3x.DBX34.0 ...1.
Meaning of this interface:
Bit 0: ”Setpoint limitation bit 0”
Bit 1: ”Setpoint limitation bit 1”

Bit 0 Bit 1 active setpoint limiting factor

=0 =0 SAFE_DES_VELO_LIMIT[0]
=0 =1 SAFE_DES_VELO_LIMIT[1]
=1 =0 SAFE_DES_VELO_LIMIT[2]
=1 =1 SAFE_DES_VELO_LIMIT[3]

”Axis is SI axis” status signal

DB3x.DBX70.4: ”NCK Safety Integrated active”.

Description of signals from the monitoring channel

SGA SBH/SG active

This signal is used to signal the drive monitoring channel the status of the SBH and
SG functions as follows:
0 signal: SBH/SG is not active
1 signal: SBH/SG is active

SGA status, pulses are cancelled (drive only)

After the shutdown path test has been initiated using the SGE test stop selection
or if a limit value is violated with a resulting STOP A response, this signal is output
to indicate that the drive pulses have been internally cancelled.
For all axes, the signal is initialized with the value ”1”; for non--SI axes, the signal
permanently stays at a value of ”1” (see Chapter 6.1.1, ”Shutdown paths”).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-505
Data Description 10/15
8.6 Interface signals

Note
To identify as to whether an SI axis is available, the axis--specific signal
”NCK--Safety Integrated active” can be evaluated.

0 signal: Pulses are enabled

1 signal: pulses are cancelled

SGA axis safely referenced

This indicates as to whether the relevant axis/spindle has been safely referenced
(see Chapter 5.4.3, ”Axis states”).
0 signal: Axis is not safely referenced
1 signal: axis is safely referenced

SGA SN1+, SN1--, SN2+, SN2--, SN3+, SN3--, SN4+, SN4--

These signals are used to indicate which of the plus or minus cams of cam pair 1,
2, 3 or 4 is ”actuated”.
0 signal:
Axis/spindle is located to the left of the cam (actual value < cam position)
1 signal:
Axis/spindle is located to the right of the cam (actual value > cam position)

SGA safe cam track

These signals are used to display whether the axis is located on a cam that is
assigned to this cam track (this only applies to the ”safe cam track” function).
0 signal:
The axis is not located on a cam of the cam track
1 signal:
The axis is located on a cam of this cam track

SGA safe cam range

The bits (4 bits per cam track) display in which cam range the axis is presently
located (this is only valid for the ”safe cam track” function).

SGA safe cam range bits

This signal displays at which cam the axis is presently located (this is only valid for
the ”safe cam track” function).
0 signal: The axis is not located at this cam
1 signal: the axis is located at this cam

© Siemens AG 2015 All Rights Reserved

8-506 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

SGA SBH active

The signal indicates the status of the safe operating stop (SBH).
0 signal: SBH is not active
1 signal: SBH is active

SGA STOP A/B is active

This signal indicates that STOP A/B is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP A/B is not active
1 signal: STOP A/B is active

SGA STOP C is active

This signal indicates that STOP C is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP C is not active
1 signal: STOP C is active

SGA STOP D is active

This signal indicates that STOP D is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP D is not active
1 signal: STOP D is active

SGA STOP E is active

This signal indicates that STOP E is active.
The signal must be used for the forced checking procedure for external STOPs.
0 signal: STOP E is not active
1 signal: STOP E is active

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-507
Data Description 10/15
8.6 Interface signals

SGA ”n < nx”

This SGA indicates whether the absolute value of the actual speed is above or
below a speed specified in the machine data.

nx

1
SGA ”n < nx”
0

Figure 8-2 Signal n < nx, dependent on the speed characteristic

Warning
! A STOP F (displayed using Alarms 27001, 27101 and onwards or F01711) only
results in a subsequent STOP B/A response, if at least one of the safety--related
functions SBH, SG, SE, SN or n<nx synchronization is active or selected. If only
the function ”n < nx” is active, then a STOP F does not result in a subsequent
STOP B/A response.
This means that if ”n < nx” is used as a safety function, then at least one of the
SBH, SG, SE or SN functions must be active or selected (e.g. by selecting a high
SG level).

Note
If the axis/spindle runs at a speed nx, then as a result of actual differences in the
two monitoring channels, the SGA ”n < nx” can have different states.
This must be taken into account in the safe processing of the SGAs.

SG active, bits 0, 1
The SGAs ”SG active bits 1, 0” display which safely reduced speed and therefore
which speed limit value is actively monitored. The SGAs are only updated if the
function ”SBH/SG” is enabled and SG is active (SGE ”SBH/SG deselection” = 0
and ”SBH deselection” = 1).

© Siemens AG 2015 All Rights Reserved

8-508 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

Table 8-7 Display of the active safely reduced speed

SGA
SG SG SBH/ SBH Meaning
active active SG active
Bit 1 Bit 0 active
=0 =0 1 1 SBH is active (safely reduced speed not active)
=0 =0 1 0 Speed limit value active for SG1
=0 =1 1 0 Speed limit value active for SG2
=1 =0 1 0 Speed limit value active for SG3
=1 =1 1 0 Speed limit value active for SG4
=0 =0 0 0 Neither SBH nor SG active
Note:
The state ”SG active bits 1, 0” = ”0” has different meanings. A clear interpretation can be obtained by additionally
evaluating the SGAs ”SBH active” and ”SBH/SG active”.

Communication failure
For a sign--of--life error or CRC error, this signal is set to TRUE. The PLC--SPL
remains functional in so much that the drive monitoring channel is not required.
SGE to the drive are not effective. The SGA from the drive are frozen at the state
before communications failed.
Response time of the PLC when the sign of life character from the drive fails: 3 s
Response time of the PLC for CRC errors from the drive: 1 PLC cycle
Ongoing behavior depends on the bit ”Acknowledgment communication failure”.
The fault situation can only be executed with POWER ON.

Fault, data transfer

This signal is used to diagnose the cause for the set signal ”communication error”.
1 signal: There is a CRC error
0 signal: There is no CRC error

Acknowledgment, communication failure

It is possible to acknowledge faults that are displayed via the ”communication
failure” bit using the ”acknowledgment communication failure” signal. This acknowl-
edgment must be made in the same OB1 cycle as when the ”communication
failure” signal occurred as 0/1 edge.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-509
Data Description 10/15
8.6 Interface signals

Warning
! When setting the acknowledgment, the user assumes the responsibility of
providing suitable substitute values for the SGA of the drive, as these are no
longer valid. The user must bring the machine into a safe state.

If the acknowledgment is not made after an OB1 cycle, then the frozen SGA are
changed over from the drive to deleted SGA and the diagnostics bit ”Communica-
tion failure was not acknowledged” is set. If the acknowledgment is made within an
OB1 cycle, the SGA of the drive remain frozen and the diagnostics bit ”Communi-
cation failure was not acknowledged” is not set. There is no further response.
The fault situation can only be executed with POWER ON.

Communication failure was not acknowledged

Indicates whether a fault displayed using bit ”Communication failure” was acknowl-
edged using the bit ”Acknowledge communication failure”:

0: Communication has not failed or a communication failure was acknowl-

edged.
1: Communication has failed and this was not acknowledged.

8.6.3 PLC data block (DB 18)

Parameterization part

DB 18 Signals for safety SPL

Data block Interface PLC ------> PLC
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
INSEP valid (valid bit)
DBB 0 8th input 7th input 6th input 5th input 4th input 3rd input 2nd input 1st input
byte byte byte byte byte byte byte byte

DBB1
OUTSEPvalid (valid bit)
DBB 2 8th output 7th output 6th output 5th output 4th output 3rd output 2nd output 1st output
byte byte byte byte byte byte byte byte

DBB 3
INSEP_ADDR (address 1st input byte)

© Siemens AG 2015 All Rights Reserved

8-510 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

DB 18 Signals for safety SPL

DBW4
INSEP_ADDR (address 2nd input byte)
DBW6
INSEP_ADDR (address 3rd input byte)
DBW8
INSEP_ADDR (address 4th input byte)
DBW10
INSEP_ADDR (address 5th input byte)
DBW12
INSEP_ADDR (address 6th input byte)
DBW14
INSEP_ADDR (address 7th input byte)
DBW16
INSEP_ADDR (address 8th input byte)
DBW18
OUTSEP_ADDR (address 1st output byte)
DBW20
OUTSEP_ADDR (address 2nd output byte)
DBW22
OUTSEP_ADDR (address 3rd output byte)
DBW24
OUTSEP_ADDR (address 4th output byte)
DBW26
OUTSEP_ADDR (address 5th output byte)
DBW28
OUTSEP_ADDR (address 6th output byte)
DBW30
OUTSEP_ADDR (address 7th output byte)
DBW32
OUTSEP_ADDR (address 8th output byte)
DBW34
DBB36 STOP_E SPL_RE-
ADY
DBB37

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-511
Data Description 10/15
8.6 Interface signals

Note
DBB0--35 are not relevant for SINUMERIK 840D sl.

Data area/errors

DB 18 Signals for safety SPL

Data block Interface PLC ----> NCK
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
Data area of the SPL inputs/outputs
SPL_DATA.INSEP[1..32]
DBB 38..41
SPL_DATA.INSEP[33..64]
DBB 42..45
SPL_DATA.OUTSEP[1..32]
DBB 46..49
SPL_DATA.OUTSEP[33..64]
DBB 50..53
Data area for user SPL
SPL_DATA.INSIP[1..32]
DBB 54..57
SPL_DATA.INSIP[33..64]
DBB 58..61
SPL_DATA.OUTSIP[1..32]
DBB 62..65
SPL_DATA.OUTSIP[33..64]
DBB 66..69
SPL_DATA.MARKERSIP[1..32]
DBB 70..73
SPL_DATA.MARKERSIP[33..64]
DBB 74..77
Signal level difference NCK PLC for diagnostics
SPL_DELTA.INSEP[1..32]
DBB 78..81
SPL_DELTA.INSEP[33..64]
DBB 82..85

© Siemens AG 2015 All Rights Reserved

8-512 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

DB 18 Signals for safety SPL

SPL_DELTA.OUTSEP[1..32]
DBB 86..89
SPL_DELTA.OUTSEP[33..64]
DBB 90..93
SPL_DELTA.INSIP[1..32]
DBB 94..97
SPL_DELTA.INSIP[33..64]
DBB 98..101
SPL_DELTA.OUTSIP[1..32]
DBB 102..105
SPL_DELTA.OUTSIP[33..64]
DBB 106..109
SPL_DELTA.MARKERSIP[1..32]
DBB 110..115
SPL_DELTA.MARKERSIP[33..64]
DBB 114..113
DBB 118 CMDSI
DBB 119 NCK System CDC PROFI-
signals a error error safe
STOP to CDC ”SPL commu-
the PLC. protec- nication
tion error
status”
STATSI
DBD 120 Crosswise data comparison error initiated if the value is not equal to 0

LEVELSI
DBD 124 CDC stack level display
(diagnostics capability: How many SPL signals currently have different levels)

Additional data areas

DB 18 Signals for safety SPL

Data block Interface PLC ----> NCK
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
Data area of the single--channel inputs/outputs
From NCK PLCSIOUT[1..8]
DBB128

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-513
Data Description 10/15
8.6 Interface signals

DB 18 Signals for safety SPL

From NCK PLCSIOUT[9..16]
DBB129
From NCK PLCSIOUT[17..24]
DBB130
From NCK PLCSIOUT[25..32]
DBB131
to NCK PLCSIIN[1..8]
DBB132
to NCK PLCSIIN[9..16]
DBB133
to NCK PLCSIIN[17..24]
DBB134
to NCK PLCSIIN[25..32]
DBB135
SPL status[1..16]
DBB136..137
INSEP_PROFISAFE[1 ...8] PROFIsafe module(s) for
DBB138 8th 7th input 6th input 5th 4th input 3rd input 2nd input 1st
input byte byte input byte byte byte input
byte byte byte

DBB139
OUTSEP_PROFISAFE[1 ...8] PROFIsafe module(s) for
DBB140 8th 7th output 6th output 5th 4th output 3rd output 2nd output 1st
output byte byte output byte byte byte output
byte byte byte

DBB141

DBB142..149

DBB150..157

DBB158..188

© Siemens AG 2015 All Rights Reserved

8-514 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

F_SENDDP (sender)

DB 18 F_SENDDP 1..3
Data block Interface PLC <----> NCK
Byte Bit 7 Bit 6 Bit 5 Bit Bit 3 Bit 2 Bit 1 Bit 0
4
FSDP[1].ERR_REAC
DBW190
FSDP[1]. FSDP[1].
DBB192 SUBS_ON ERROR

DBB193
FSDP[1].DIAG
DBW194
FSDP[1].RETVAL14
DBW196
FSDP[1].RETVAL15
DBW198
FSDP[2].ERR_REAC
DBW200
FSDP[2]. FSDP[2].
DBB202 SUBS_ON ERROR

DBB203
FSDP[2].DIAG
DBW204
FSDP[2].RETVAL14
DBW206
FSDP[2].RETVAL15
DBW208
FSDP[3].ERR_REAC
DBW210
FSDP[3]. FSDP[3].
DBB212 SUBS_ON ERROR

DBB213
FSDP[3].DIAG
DBW214

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-515
Data Description 10/15
8.6 Interface signals

DB 18 F_SENDDP 1..3
FSDP[3].RETVAL14
DBW216
FSDP[3].RETVAL15
DBW218

DB 18 F_SENDDP 4..16
Data block Interface PLC <----> NCK
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
FSDP HF[4].ERR_REAC
DBW448
FSDP FSDP
HF[4]. HF[4].
DBB450 SUBS_ON ERROR

DBB451
FSDP HF[4].DIAG
FSDP_HF[4].DIAG
DBW452
FSDP HF[4].RETVAL14
FSDP_HF[4].RETVAL14
DBW454
FSDP HF[4].RETVAL15
FSDP_HF[4].RETVAL15
DBW456
FSDP HF[5].ERR_REAC
DBW448
FSDP FSDP
HF[5]. HF[5].
DBB450 SUBS_ON ERROR

DBB451
FSDP HF[5].DIAG
FSDP_HF[5].DIAG
DBW452
FSDP HF[5].RETVAL14
FSDP_HF[5].RETVAL14
DBW454
FSDP HF[5].RETVAL15
FSDP_HF[5].RETVAL15
DBW456
... ...
FSDP HF[16].ERR_REAC
DBW568
FSDP FSDP
HF[16]. HF[16].
DBB570 SUBS_ON ERROR

© Siemens AG 2015 All Rights Reserved

8-516 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

DB 18 F_SENDDP 4..16

DBB571
FSDP HF[16].DIAG
FSDP_HF[16].DIAG
DBW572
FSDP HF[16].RETVAL14
FSDP_HF[16].RETVAL14
DBW574
FSDP HF[16].RETVAL15
FSDP_HF[16].RETVAL15
DBW576

F_RECVDP (receiver)

DB 18 F_RECVDP 1..3
Data block Interface PLC <----> NCK
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1].
DBB220 SUBS[7] SUBS[6] SUBS[5] SUBS[4] SUBS[3] SUBS[2] SUBS[1] SUBS[0]
FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1].
DBB221 SUBS[15] SUBS[14] SUBS[13] SUBS[12] SUBS[11] SUBS[10] SUBS[9] SUBS[8]
FRDP[1].ERR REAC
FRDP[1].ERR_REAC
DBW222
FRDP[1].
DBB224 ACK_REI
FRDP[1]. FRDP[1]. FRDP[1]. FRDP[1].
DBB225 SEND- ACK_REQ SUBS_ON ERROR
MODE
FRDP[1].DIAG
DBW226
FRDP[1].RETVAL14
DBW228
FRDP[1].RETVAL15
DBW230
FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2].
DBB232 SUBS[7] SUBS[6] SUBS[5] SUBS[4] SUBS[3] SUBS[2] SUBS[1] SUBS[0]
FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2].
DBB233 SUBS[15] SUBS[14] SUBS[13] SUBS[12] SUBS[11] SUBS[10] SUBS[9] SUBS[8]
FRDP[2].ERR REAC
FRDP[2].ERR_REAC
DBW234
FRDP[2].
DBB236 ACK_REI

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-517
Data Description 10/15
8.6 Interface signals

DB 18 F_RECVDP 1..3
FRDP[2]. FRDP[2]. FRDP[2]. FRDP[2].
DBB237 SEND- ACK_REQ SUBS_ON ERROR
MODE
FRDP[2].DIAG
DBW238
FRDP[2].RETVAL14
DBW240
FRDP[2].RETVAL15
DBW242
FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3].
DBB244 SUBS[7] SUBS[6] SUBS[5] SUBS[4] SUBS[3] SUBS[2] SUBS[1] SUBS[0]
FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3].
DBB245 SUBS[15] SUBS[14] SUBS[13] SUBS[12] SUBS[11] SUBS[10] SUBS[9] SUBS[8]
FRDP[3].ERR REAC
FRDP[3].ERR_REAC
DBW246
FRDP[3].
DBB248 ACK_REI
FRDP[3]. FRDP[3]. FRDP[3]. FRDP[3].
DBB249 SEND- ACK_REQ SUBS_ON ERROR
MODE
FRDP[3].DIAG
DBW250
FRDP[3].RETVAL14
DBW252
FRDP[3].RETVAL15
DBW254
SPL USER DATA[0]
SPL_USER_DATA[0]
DBD256
SPL USER DATA[1]
SPL_USER_DATA[1]
DBD260
SPL USER DATA[2]
SPL_USER_DATA[2]
DBD264
SPL USER DATA[3]
SPL_USER_DATA[3]
DBD268

DB 18 F_RECVDP 4..16
Data block Interface PLC <----> NCK
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
FRDP FRDP FRDP FRDP FRDP FRDP FRDP FRDP
HF[4]. HF[4]. HF[4]. HF[4]. HF[4]. HF[4]. HF[4]. HF[4].
DBB578 SUBS[7] SUBS[6] SUBS[5] SUBS[4] SUBS[3] SUBS[2] SUBS[1] SUBS[0]

© Siemens AG 2015 All Rights Reserved

8-518 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

DB 18 F_RECVDP 4..16
FRDP FRDP FRDP FRDP FRDP FRDP FRDP FRDP
HF[4]. HF[4]. HF[4]. HF[4]. HF[4]. HF[4]. HF[4]. HF[4].
DBB579 SUBS[15] SUBS[14] SUBS[13] SUBS[12] SUBS[11] SUBS[10] SUBS[9] SUBS[8]
DBW580 FRDP HF[4].ERR_REAC
FRDP
HF[4].
DBB582 ACK_REI
FRDP FRDP FRDP FRDP
HF[4]. HF[4]. HF[4]. HF[4].
DBB583 SEND- ACK_REQ SUBS_ON ERROR
MODE
DBW584 FRDP HF[4].DIAG
DBW586 FRDP HF[4].RETVAL14
DBW588 FRDP HF[4].RETVAL15
FRDP FRDP FRDP FRDP FRDP FRDP FRDP FRDP
HF[5]. HF[5]. HF[5]. HF[5]. HF[5]. HF[5]. HF[5]. HF[5].
DBB590 SUBS[7] SUBS[6] SUBS[5] SUBS[4] SUBS[3] SUBS[2] SUBS[1] SUBS[0]
FRDP FRDP FRDP FRDP FRDP FRDP FRDP FRDP
HF[5]. HF[5]. HF[5]. HF[5]. HF[5]. HF[5]. HF[5]. HF[5].
DBB591 SUBS[15] SUBS[14] SUBS[13] SUBS[12] SUBS[11] SUBS[10] SUBS[9] SUBS[8]
DBW592 FRDP HF[5].ERR_REAC
FRDP
HF[5].
DBB594 ACK_REI
FRDP FRDP FRDP FRDP
HF[5]. HF[5]. HF[5]. HF[5].
DBB595 SEND- ACK_REQ SUBS_ON ERROR
MODE
DBW596 FRDP HF[5].DIAG
DBW598 FRDP HF[5].RETVAL14
DBW600 FRDP HF[5].RETVAL15
... ...
FRDP FRDP FRDP FRDP FRDP FRDP FRDP FRDP
HF[16]. HF[16]. HF[16]. HF[16]. HF[16]. HF[16]. HF[16]. HF[16].
DBB722 SUBS[7] SUBS[6] SUBS[5] SUBS[4] SUBS[3] SUBS[2] SUBS[1] SUBS[0]
FRDP FRDP FRDP FRDP FRDP FRDP FRDP FRDP
HF[16]. HF[16]. HF[16]. HF[16]. HF[16]. HF[16]. HF[16]. HF[16].
DBB723 SUBS[15] SUBS[14] SUBS[13] SUBS[12] SUBS[11] SUBS[10] SUBS[9] SUBS[8]
DBW724 FRDP HF[16].ERR_REAC
FRDP
HF[16].
DBB726 ACK_REI

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-519
Data Description 10/15
8.6 Interface signals

DB 18 F_RECVDP 4..16
FRDP FRDP FRDP FRDP
HF[16]. HF[16]. HF[16]. HF[16].
DBB727 SEND- ACK_REQ SUBS_ON ERROR
MODE
DBW728 FRDP HF[16].DIAG
DBW730 FRDP HF[16].RETVAL14
DBW732 FRDP HF[16].RETVAL15

Data area / errors (extended data area)

DB 18 Signals for safety SPL

Data block Interface PLC <----> NCK
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
SPL_DATA_HF.INSEP[65...96]
DBB272..275
SPL_DATA_HF.INSEP[97...128]
DBB276..279
SPL_DATA_HF.INSEP[129...160]
DBB280..283
SPL_DATA_HF.INSEP[161...192]
DBB284..287
SPL_DATA_HF.OUTSEP[65...96]
DBB288..291
SPL_DATA_HF.OUTSEP[97...128]
DBB292..295
SPL_DATA_HF.OUTSEP[129...160]
DBB296..299
SPL_DATA_HF.OUTSEP[161...192]
DBB300..303
Data area for user SPL
SPL_DATA_HF.INSIP[65...96]
DBB304..307
SPL_DATA_HF.INSIP[97...128]
DBB308..311

© Siemens AG 2015 All Rights Reserved

8-520 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

SPL_DATA_HF.INSIP[129...160]
DBB312..315
SPL_DATA_HF.INSIP[161...192]
DBB316..319
SPL_DATA_HF.OUTSIP[65...96]
DBB320..323
SPL_DATA_HF.OUTSIP[97...128]
DBB324..327
SPL_DATA_HF.OUTSIP[129...160]
DBB328..331
SPL_DATA_HF.OUTSIP[161...192]
DBB332..335
SPL_DATA_HF.MARKERSIP[65...96]
DBB336..339
SPL_DATA_HF.MARKERSIP[97...128]
DBB340..343
SPL_DATA_HF.MARKERSIP[129...160]
DBB344..347
SPL_DATA_HF.MARKERSIP[161...192]
DBB348..351
Difference in signal level NCK -- PLC for diagnostics
SPL_DELTA_HF.INSEP[65...96]
DBB352..355
SPL_DELTA_HF.INSEP[97...128]
DBB356..359
SPL_DELTA_HF.INSEP[129...160]
DBB360..363
SPL_DELTA_HF.INSEP[161...192]
DBB364..367
SPL_DELTA_HF.OUTSEP[65...96]
DBB368..371
SPL_DELTA_HF.OUTSEP[97...128]
DBB372..375
SPL_DELTA_HF.OUTSEP[129...160]
DBB376..379
SPL_DELTA_HF.OUTSEP[161...192]
DBB380..383
SPL_DELTA_HF.INSIP[65...96]

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-521
Data Description 10/15
8.6 Interface signals

DBB384..387
SPL_DELTA_HF.INSIP[97...128]
DBB388..391
SPL_DELTA_HF.INSIP[129...160]
DBB392..395
SPL_DELTA_HF.INSIP[161...192]
DBB396..399
SPL_DELTA_HF.OUTSIP[65...96]
DBB400..403
SPL_DELTA_HF.OUTSIP[97...128]
DBB404..407
SPL_DELTA_HF.OUTSIP[129...160]
DBB408..411
SPL_DELTA_HF.OUTSIP[161...192]
DBB412..415
SPL_DELTA_HF.MARKERSIP[65...96]
DBB416..419
SPL_DELTA_HF.MARKERSIP[97...128]
DBB420..423
SPL_DELTA_HF.MARKERSIP[129...160]
DBB424..427
SPL_DELTA_HF.MARKERSIP[161...192]
DBB428..431

Additional data areas (extended data area)

DB 18 Signals for safety SPL

Data block Interface PLC <----> NCK
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
Data area of the single--channel inputs/outputs
From NCK PLCSIOUT_HF[33...40]
DBB432
From NCK PLCSIOUT_HF[41...48]
DBB433
From NCK PLCSIOUT_HF[49...56]
DBB434
From NCK PLCSIOUT_HF[57...64]

© Siemens AG 2015 All Rights Reserved

8-522 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

DB 18 Signals for safety SPL

DBB435
From NCK PLCSIOUT_HF[65...72]
DBB436
From NCK PLCSIOUT_HF[73...80]
DBB437
From NCK PLCSIOUT_HF[81...88]
DBB438
From NCK PLCSIOUT_HF[89...96]
DBB439
to NCK PLCSIIN_HF[33...40]
DBB440
to NCK PLCSIIN_HF[41...48)
DBB441
to NCK PLCSIIN_HF[49...56]
DBB442
to NCK PLCSIIN_HF[57...64]
DBB443
to NCK PLCSIIN_HF[65...72]
DBB444
to NCK PLCSIIN_HF[73...80]
DBB445
to NCK PLCSIIN_HF[81...88]
DBB446
to NCK PLCSIIN_HF[89...96]
DBB447

SPL status signals for DB18.DBW136

DB18.DBX136.0 SPL_STATUS[1] NCK--SPL interfaces parameterized

DB18.DBX136.1 SPL_STATUS[2] NCK--SPL program file exists
DB18.DBX136.2 SPL_STATUS[3] NCK waits for the PLC to boot
DB18.DBX136.3 SPL_STATUS[4] NCK and PLC in cyclic operation
DB18.DBX136.4 SPL_STATUS[5] Call FB4 processing for SPL
DB18.DBX136.5 SPL_STATUS[6] Exit FB4 processing for SPL
DB18.DBX136.6 SPL_STATUS[7] Call FC9 processing for SPL
DB18.DBX136.7 SPL_STATUS[8] Exit FC9 processing for SPL

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-523
Data Description 10/15
8.6 Interface signals

DB18.DBX137.0 SPL_STATUS[9] SPL start implemented using PROG_EVENT

mechanism
DB18.DBX137.1 SPL_STATUS[10] Crosswise data comparison started, NCK
DB18.DBX137.2 SPL_STATUS[11] Crosswise data comparison started, PLC
DB18.DBX137.3 SPL_STATUS[12] NCK--SPL checksum checking active
DB18.DBX137.4 SPL_STATUS[13] All SPL protective mechanisms active
DB18.DBX137.5 SPL_STATUS[14] End of SPL program reached
DB18.DBX137.6 SPL_STATUS[15] SPL start via Safety--Power On completed
DB18.DBX137.7 SPL_STATUS[16] Not connected

Table 8-8 Overview of DB 18 signals

DB18
Signal r/w Type Value range Remark
Parameterization part
INSEP_ADDR[1..8] r/w Int 1...EB max Address, input byte
(no significance)
OUTSEP_ADDR[1..8] r/w Int 1...AB max Address, output byte
(no significance)
SPL_READY r/w Bool 0 = commissioning phase
(for a crosswise data comparison
error, a STOP D is not initiated)
1 = commissioning completed
(for a crosswise data comparison
error, STOP D is initiated)
STOP_MODE r/w Bool If DB18, DBX36.1 was set to 1, for
a crosswise data comparison error,
instead of an external STOP D, an
external STOP E is transferred to
the drive
Data area/status
SPL_DATA Net (useful) data:
INSEP[1..192] r Bool External PLC input for the SPL
OUTSEP[1..192] r/w Bool External PLC output for the SPL
INSIP[1..192] r Bool Internal PLC input for the SPL
OUTSIP[1..192] r/w Bool Internal PLC output for the SPL
MARKERSIP[1..192] r/w Bool Marker for SPL
SPL_DELTA Signal differences for diagnostics:
INSEP[1..192] r Bool External PLC input for the SPL
OUTSEP[1..192] r Bool External PLC output for the SPL
INSIP[1..192] r Bool Internal PLC input for the SPL
OUTSIP[1..192] r Bool Internal PLC output for the SPL
MARKERSIP[1..192] r Bool Marker for SPL

© Siemens AG 2015 All Rights Reserved

8-524 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

Table 8-8 Overview of DB 18 signals, continued

Signal r/w Type Value range Remark

CMDSI r/w Bool The timeout value in the crosswise
data comparison is extended by a
factor of 10
PS_FEHL r Bool PS--communication error, in con-
junction with PROFIsafe, an error is
signaled
IBN_FAULT r Bool CDC error ”SPL protection status”
(Status NC: $MN_PREVENT_SYN-
ACT_LOCK not equal to PLC:
SPL_READY)
COMM_TO r Bool 0 --> 1 communications timeout de-
tected, PLC will go to STOP in 5 s
STOP_FROM_NC r Bool NCK signals a stop to the PLC.
STATSI r Dint Crosswise data comparison error if
the value is not equal to 0

LEVELSI r Dint CDC stack level display

(diagnostics capability: How many
SPL signals currently have different
levels)
PLCSIIN[1 ..32] r/w Bool Single--channel signals from the
PLC to NCK
PLCSIOUT[1 ..32] r Bool Single--channel signals from the
NCK to the PLC
SPL_STATUS r Bool Status signals from NCK to PLC
F_SENDDP
Inputs
FSDP[1..3].ERR_REAC r/w Int 0, 1, 2, 3 0 = Alarm27350 + STOP D/E
FSDP_HF[4..16].ERR_REAC 1 = Alarm 27350
2 = Alarm 27351 (only display, self--
clearing)
3 = No system reaction
Outputs
FSDP[1..3].ERROR r Bool TRUE, 0 = Normal mode
FSDP_HF[4..16].ERROR FALSE 1 = Communication error

FSDP[1..3].SUBS_ON r Bool TRUE, 0 = output of process values

FSDP_HF[4..16].SUBS_ON FALSE 1 = output of substitute values

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-525
Data Description 10/15
8.6 Interface signals

Table 8-8 Overview of DB 18 signals, continued

Signal r/w Type Value range Remark

FSDP[1..3].DIAG r Word 2#0000_0000_ Bit 0--3: Reserved
FSDP_HF[4..16].DIAG 0000_0000 Bit 4: 1 = Timeout detected
-- Bit 5: 1 = Sequence number error
detected
2#1110_0000_0
Bit 6: 1 = CRC error detected
111_0000
Bit 7--12: Reserved
Bit 13: 1 = Discrepancies in the F
telegram data (Telegram Discrep-
ancy)
Bit 14: 1 = Sign--of--life monitoring
(LifeSign)
Bit 15: 1 = Asynchronous fault state
(StateFault)
FSDP[1..3].RETVAL14 r Word Error code of the SFC 14 (descrip-
FSDP_HF[4..16].RETVAL14 tion of the error codes in the online
help for SFC 14)
FSDP[1..3].RETVAL15 r Word Error code of the SFC 15 (descrip-
FSDP_HF[4..16].RETVAL15 tion of the error codes in the online
help for SFC 15)
F_RECVDP
Inputs
FRDP[1..3].SUBS_ON[0..15] r/w Bool TRUE/FALSE Substitute values for SPL input
FRDP_HF[4..16].SUBS_ON[0..1 data
5]
FRDP[1..3].ERR_REAC r/w Int 0, 1, 2, 3 0 = Alarm 27350 + STOP D/E
FRDP_HF[4..16].ERR_REAC 1 = Alarm 27350
2 = Alarm 27351 (only display, self--
clearing)
3 = No system reaction
FRDP[1..3].ACK_REI r/w Bool TRUE/FALSE 1 = User acknowledgment
FRDP_HF[4..16].ACK_REI
Outputs
FRDP[1..3].ERROR r Bool TRUE/FALSE 0 = Normal mode
FRDP_HF[4..16].ERROR 1 = Communication error

FRDP[1..3].SUBS_ON r Bool TRUE/FALSE 0 = output of process values

FRDP_HF[4..16].SUBS_ON 1 = output of substitute values

FRDP[1..3].ACK_REQ r Bool TRUE/FALSE 1 = User acknowledgment required

FRDP_HF[4..16].ACK_REQ
FRDP[1..3].SENDMODE r Bool TRUE/FALSE 1 = F_CPU of the sender in deacti-
FRDP_HF[4..16].SENDMODE vated safety operation

© Siemens AG 2015 All Rights Reserved

8-526 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

Table 8-8 Overview of DB 18 signals, continued

Signal r/w Type Value range Remark

FRDP[..3].DIAG r Word 2#0000_0000_ Bit 0--3: Reserved
FRDP_HF[4..16].DIAG 0000_0000 Bit 4: 1 = Timeout detected
-- Bit 5: 1 = Sequence number error
detected
2#1110_0000_0
Bit 6: 1 = CRC error detected
111_0000
Bit 7--12: Reserved
Bit 13: 1 = Discrepancies in the F
telegram data (Telegram Discrep-
ancy)
Bit 14: 1 = Sign--of--life monitoring
(LifeSign)
Bit 15: 1 = Asynchronous fault state
(StateFault)
FRDP[1..3].RETVAL14 r Word Error code of the SFC 14 (descrip-
FRDP_HF[4..16].RETVAL14 tion of the error codes in the online
help for SFC 14)
FRDP[1..3].RETVAL15 r Word Error code of the SFC 15 (descrip-
FRDP_HF[4..16].RETVAL15 tion of the error codes in the online
help for SFC 15)
User data
MD13312: $MN_SAFE_SPL_USER_DATA[0]=1h corresponds to DB18.DBX259.0 = 1
MD13312: $MN_SAFE_SPL_USER_DATA[1]=2702h corresponds to
DB18.DBX263.1 = 1
DB18.DBX262.0 = 1
DB18.DBX262.1 = 1
DB18.DBX262.2 = 1
DB18.DBX262.5 = 1
Data area/status
SPL_DATA_HF.INSEP[65...192] r Bool External PLC input for the SPL
User data
SPL_DATA_HF.OUT- r/w Bool External PLC input for the SPL
SEP[65...192] User data
SPL_DATA_HF.INSIP[65...192] r Bool Internal PLC input for the SPL
User data
SPL_DATA_HF.OUT- r/w Bool Internal PLC input for the SPL
SIP[65...192] User data
SPL_DATA_HF.MARKER- r/w Bool Marker for SPL
SIP[65...192] User data
SPL_DELTA_HF.INSEP[65...192] r Bool External PLC input for the SPL
Signal differences for diagnostics
SPL_DELTA_HF.OUT- r/w Bool External PLC input for the SPL
SEP[65...192] Signal differences for diagnostics
SPL_DELTA_HF.INSIP[65...192] r Bool Internal PLC input for the SPL
Signal differences for diagnostics
SPL_DELTA_HF.OUT- r/w Bool Internal PLC input for the SPL
SIP[65...192] Signal differences for diagnostics

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-527
Data Description 10/15
8.6 Interface signals

Table 8-8 Overview of DB 18 signals, continued

Signal r/w Type Value range Remark

SPL_DELTA_HF.MARKER- r/w Bool Marker for SPL
SIP[65...192] Signal differences for diagnostics
PLCSIIN_HF[33...96] r/w Bool Single--channel signals from the
PLC to NCK
Signal differences for diagnostics
PLCSIOUT_HF[33...96] r Bool Single--channel signals from the
NCK to the PLC
Signal differences for diagnostics
r means reading, w means writing

8.6.4 Axis signals: Safety Control Channel (SCC) / Safety Info Chan-
nel (SIC)

DB 31 to 61 Signals to/from axis/spindle

Data block SCC (PLC > drive)
Byte Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0
DBB140 Test
stops for
exten-
ded
func-
tions
DBB141
DBB142
DBB143 External Test se- Direction Test with Start Select
brake quence of rota- brake 1 brake safe
closed 1 or 2 tion or 2 test brake
test
DBB144...163
SIC (drive ----> PLC)
DBB164 Safety ESR re- Bit1 limit Bit0 limit
error quested value value
active safely safely
reduced reduced
Velocity speed

DBB165 Safety Safely Safe oper- Safely Safe Safe Safe Safe
error limited ating stop limited operat- Stop2 Stop 1 torque
with speed selected speed ing stop off
STOP A selected active active

© Siemens AG 2015 All Rights Reserved

8-528 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.6 Interface signals

DB 31 to 61 Signals to/from axis/spindle

DBB166 Test stop Test Safe Safe
requested stop direction direction
active neg pos
DBB167 Safely Bit 0 for
Limited safely
Position limited
position
range
DBB168 Speed limit
DBB172 Accept- Accept-
ance ance
test is test
selected safely
limited
position
DBB173 Load Close Brake test Brake Brake Test with Setpoint Safe
torque external completed test was test brake 2 input Brake
negative brake OK active during Test
sign SBT in (SBT)
the drive
DBB
174...DBB
187

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-529
Data Description 10/15
8.7 System variables

8.7 System variables

8.7.1 System variables for SINUMERIK 840D sl

System variable

Table 8-9 Overview of system variables

System variable Meaning Value range Data Possible access for

type
Part program Synchronized
action
r w r w
Actual position
$VA_IS[axis] Safe actual position NCK Axis identifier DOUBLE x x
monitoring channel GEOAX
CHANAX
MACHAX
SPINDLE
$AA_IM[axis] Actual MCS setpoint of an axis Axis identifier DOUBLE x x
GEOAX
CHANAX
MACHAX
SPINDLE
$VA_IM[axis] Encoder actual value in the Axis identifier DOUBLE x x
machine coordinate system GEOAX
CHANAX
MACHAX
SPINDLE
Internal inputs/outputs
$A_INSI[n] NCK input n = 1, 2, ... 192 BOOL x x
stands for the
number of the
input 1)
$A_INSID[n] NCK inputs n = 1,2, ... 6 INT x x
stands for the
number of the
double word
(32 bit) 1)
$A_INSIP[n] Image, PLC input n = 1, 2, ...192 BOOL x x
stands for the
number of the
input1)
$A_INSIPD[n] Image of the PLC--SPL inputs n = 1, 2, ... 6 INT x x
from the drive monitoring channel stands for the
number of the
double word
(32 bit)1)

© Siemens AG 2015 All Rights Reserved

8-530 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

Table 8-9 Overview of system variables, continued

r w r w
$A_OUTSI[n] NCK output n = 1, 2, ... 192 BOOL x x x x
stands for the
number of the
output 1)
$A_OUTSID[n] NCK outputs n = 1, 2, ... 6 INT x x x x
stands for the
number of the
double word
(32 bit)1)
$A_OUTSIP[n] Image, PLC output n = 1, 2, ...1921) BOOL x x
$A_OUTSIPD[n] Image of the PLC--SPL outputs n = 1, 2, ... 6 INT x x
from the drive monitoring channel stands for the
number of the
double word
(32 bit)1)
External inputs/outputs
$A_INSE[n] NCK input n = 1, 2, ... 192 BOOL x x
stands for the
number of the
input 1)
$A_INSED[n] NCK inputs n = 1, 2, ... 6 INT x x
stands for the
number of the
double word
(32 bit)1)
$A_INSEP[n] Image of a PLC--SPL input from n = 1, 2, ... 192 BOOL x x
PLC HW I/O stands for the
number of the
input 1)
$A_INSEPD[n] Image of the PLC--SPL inputs n = 1, 2, ... 6 INT x x
from PLC HW I/O stands for the
number of the
double word (32
bit)1)
$A_OUTSE[n] NCK output n = 1, 2, ... 192 BOOL x x x x
stands for the
number of the
output 1)
$A_OUTSED[n] NCK outputs n = 1, 2, ... 6 INT x x x x
stands for the
number of the
double word
(32 bit)1)
$A_OUTSEP[n] Image of a PLC--SPL output from n = 1, 2, ... 192 BOOL x x
PLC HW I/O stands for the
number of the
output 1)
$A_OUTSEPD[n] Image of PLC--SPL outputs at the n = 1, 2, ... 6 INT x x
PLC HW I/O stands for the
number of the
double word
(32 bit)1)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-531
Data Description 10/15
8.7 System variables

Table 8-9 Overview of system variables, continued

r w r w
Markers and timers
$A_MARKERSI[n] Marker n = 1, 2, ... 192 BOOL x x x x
stands for the
number of the
marker 1)
$A_MARKER- Marker n = 1, 2, ... 6 INT x x x x
SID[n] stands for the
number of the
double word
(32 bit)1)
$A_MARKER- Image of the PLC markers n = 1, 2, ...192 BOOL x x
SIP[n] 1) stands for the

number of the
marker
$A_MARKER- Image of the PLC markers n = 1, 2, ... 6 INT x x
SIPD[n] stands for the
number of the
double word
(32 bit)1)
$A_TIMERSI[n] Timer n = 1, 2...16 REAL x x x x
stands for the
number of the
timer
F_SENDDP
Inputs
$A_FSDP_ERR_R Response when a communication n = 1, ..., 16 INT x x x x
EAC[n] error occurs stands for the
number of the
F--SENDDP
relationship, is
also valid for
$A_FDFSDP_
ERROR;,
$A_FSDP_
SUBS_ON,
$AFSDP_DIAG
Outputs
$A_FSDP_ER- There is a communication error n = 1, ..., 16 BOOL x x
ROR[n]
$A_FSDP_SUBS_ Substitute values are output to the n = 1, ..., 16 BOOL x x
ON[n] application at the F_RECVDP
(receiver)
$A_FSDP_DIAG[n The cause of the communication n = 1, ..., 16 INT x x
] error determined by F_SENDDP
is communicated

© Siemens AG 2015 All Rights Reserved

8-532 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

Table 8-9 Overview of system variables, continued

r w r w
F_RECVDP
Inputs
$A_FRDP_SUBS[ The substitute values that are n = 1, ..., 16 INT x x x x
n] output to the SPL in certain states stands for the
are entered number of the
F--RECVDP
relationship, is
also valid for
$A_FRDP_
ERR_REAC,
$A_FRDP_
ACK_REI,
$A_FRDP_
ERROR,
$A_FRDP_
SUBS_ON,
$A_FRDP_
ACK_REQ,
$A_FRDP_
SENDMODE,
$A_FRDP_
DIAG
$A_FRDP_ERR_R Response when a communication n = 1, ..., 16 INT x x x x
EAC[n] error occurs
$A_FRDP_ACK_R Error--free F telegrams are again n = 1, ..., 16 BOOL x x x x
EI[n] cyclically exchanged after a com-
munication error
Outputs
$A_FRDP_ER- There is a communication error n = 1, ..., 16 BOOL x x
ROR[n]
$A_FRDP_SUBS_ Substitute values are output to the n = 1, ..., 16 BOOL x x
ON[n] application
$A_FRDP_ACK_R Error--free F telegrams are again n = 1, ..., 16 BOOL x x
EQ[n] cyclically exchanged after a com-
munication error
$A_FRDP_SEND- Actual operating mode of the n = 1, ..., 16 BOOL x x
MODE[n] F--CPU of the F_SENDDP com-
munication partner
$A_FRDP_DIAG[n The cause of the communication n = 1, ..., 16 INT x x
] error determined by F_RECVDP
is communicated

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-533
Data Description 10/15
8.7 System variables

Table 8-9 Overview of system variables, continued

r w r w
Miscellaneous
$A_STATSID Crosswise data comparison error Bit 0...5=1: INT x x
triggered if the value is not equal CDC error in
to 0 I/O signals,
markers or dy-
namic data of
the SENDDP/
RECVDP com-
munication
Bit26=1: PRO-
FIsafe commu-
nication error
occurred
Bit27=1: CDC
error in static
data
Bit 28=1: Cross-
wise data com-
parison error
”SPL protection
status” (status
$MN_PRE-
VENT_SYN-
ACT_LOCK not
equal to DB18
DBX36.0 /SPL
READY))
Bit 29=1: Time
error in the
communications
between NCK
and PLC (in 5 s,
all ext. NCK--
SPL outputs are
set to 0, the
PLC goes to
stop)
$A_CMDSI Control word for crosswise data n = 1: Increase BOOL x x x x
comparison between the NCK the time for the
and PLC (SPL--CDC) signal change
monitoring to
10 s
$A_LEVELSID CDC stack level display: Number [0, MAX_INT] INT x x
of signals for which NCK and PLC
detect different signal levels

© Siemens AG 2015 All Rights Reserved

8-534 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

Table 8-9 Overview of system variables, continued

r w r w
$A_XFAULTSI Bit 0=1: [0,3] INT x x
In a crosswise data comparison
between NCK and drive of any
particular safety axis, an actual
value error was detected.
Bit 1=1:
In the crosswise data comparison
between NCK and drive of any
axis, an error was detected and
the delay time (<>0) until STOP B
is initiated for this axis is either
running or has already expired.
$VA_XFAULTSI[axi Bit 0=1: [0,3] INT x x
s] The crosswise data comparison
for this axis between NCK and
drive has detected an actual value
error.
Bit 1=1:
In the crosswise data comparison
between NCK and drive of this
axis, an error was detected and
the delay time (<>0) until STOP B
is initiated for this axis is either
running or has already expired.
$VA_STOPSI[axis] Actual Safety Integrated stop of [--1,11] INT x x
the particular axis
1: no stop
0: Stop A
1: Stop B
2: Stop C
3: Stop D
4: Stop E
5: Stop F
10: Test stop
11: Test external pulse
cancellation
$A_STOPESI Actual Safety Integrated Stop E [0,MAX_INT] INT x x
for any arbitrary axis
0: no stop
otherwise: presently one axis
has a Stop E
$A_PLCSIIN[n] Single--channel direct communi- n = 1, 2,... 96 1) BOOL x x
cation between NCK and PLC--
SPL. Signals can be written by
the PLC and read by the NCK.
$A_PLCSIOUT[n] Single--channel direct communi- n = 1, 2,... 96 1) BOOL x x
cation between NCK and PLC--
SPL. Signals can be read by the
PLC, written to and read from the
NCK.
$AC_SAFE_SYNA Free safety synchronized action [0, MAX_INT] x x
_MEM elements

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-535
Data Description 10/15
8.7 System variables

Table 8-9 Overview of system variables, continued

r w r w
$VA_SAFE_TYPE[ Information about the active [0, 1, 2] INT x x
axis] safety operating mode of this axis
Note:
r - > read, w --> write
An implicit preliminary stop is generated
only permitted in the commissioning phase
1) The number of these system variables depends on the option SI Basic, SI Comfort or SI High--Feature.
SI Basic 4I/4O
SI Comfort 64I/64O
SI High--Feature 192I/192O

8.7.2 Description of the system variables

System variable $VA_IS

The safe actual value, used by SI, can be read and further processed by the NC
part program for every axis/spindle.
Example:
When an NC part program is started, Safety Integrated checks whether axis X
would move into the vicinity of shutdown limits as a result of the zero offsets when
a program is processed. The part program can be programmed as follows, for
example:

IF ($VA_IS[X] < 10000) GOTOF POS_OK ; if the actual value is too high,
MESG (”Axis has nearly reached limit switch!”) ; then message,
POS_OK: ; otherwise, continue here
...

The variable can also be used in synchronous actions in order to reduce the
override when the axis is nearly at the limit switch.

© Siemens AG 2015 All Rights Reserved

8-536 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

Difference between $VA_IS and $AA_IM

Both variable $VA_IS and variable $AA_IM can be used to read actual values.

Table 8-10 Difference between $VA_IS and $AA_IM

Variable Meaning
$VA_IS Reading the actual value used by SI
$AA_IM For the actual value, instead of $AA_IM, variable $VA_IM should be used

Reference: /PGA/, Programming Instructions Job Planning

System variables $A_XFAULTSI and $VA_XFAULTSI

For crosswise data comparison errors between the NCK and SINAMICS S120, the
response depends on the actual operating state:
S SBH, SG, SE, SN or n<nx synchronization active: A crosswise data comparison
error causes a transition from Stop F to Stop B -- which in turn initiates the
fastest possible braking of the axis. A Stop A is then initiated and the pulse
enable is cancelled.
S SBH, SG and n<nx synchronization inactive and SE/SN not used or Stop C/D/E
already active: In this case, a Stop F due to a crosswise data comparison error
does not result in any further action -- only Alarm 27001 or 2710x is output that
provides information. Processing then continues.
This chain of responses is not altered to ensure the appropriate level of safety for
personnel.
To allow responses to a crosswise data comparison error, system variable
$A_XFAULTSI is used to display that a crosswise data comparison error has
occurred on a particular SI axis. Retraction can then be initiated as a response to
this system variable.
Further, an axis--specific system variable $VA_XFAULTSI[<axis name>] has been
introduced so that, if necessary, axis--specific responses can be applied.
The system variables are updated independent of whether SI monitoring functions
are active or inactive.
$A_XFAULTSI
Information about Stop F for a safety axis:

Bit 0 = 1: In a crosswise data comparison between NCK and drive of any

particular safety axis, an actual value error was detected.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-537
Data Description 10/15
8.7 System variables

Bit 1 = 1: In the crosswise data comparison between NCK and drive of any
axis, an error was detected and the delay time until Stop B is
initiated ($MA_SAFE_STOP_SWITCH_TIME_F) for this axis is
either running or has already expired.
Note: The bit is only set if a delay not equal to 0 is configured.

$VA_XFAULTSI[X] (X = axis identifier)

Information about Safety Integrated Stop F for this axis

Bit 0 set: In the crosswise data comparison between NCK and drive an
actual value error was detected.
Bit 1 set: In the crosswise data comparison between NCK and drive -- an
error was detected and the delay time – up until a STOP B
($MA_SAFE_STOP_SWITCH_TIME_F) is initiated – is either
running or has expired.
Note: The bit is only set if a delay not equal to 0 is configured.

System variable $VA_STOPSI

Axis--specific system variable that contains the present stop. For a value of 4, a
Stop E is active for this axis.

System variable $A_STOPESI

Global system variable that with a value not equal to 0 indicates that a Stop E is
active for one particular axis.

System variable $VA_SAFE_TYPE

Information about the active safety operating mode of this axis:

= 0: No Safety Integrated motion monitoring active

= 1: Safety Integrated NCK--integrated motion monitoring active
= 2: Safety Integrated drive--integrated motion monitoring with SIC/SCC
coupling active

System variables $A_INSI[1...192]

The status signals of the NCK monitoring channel can be used in the NCK--SPL
using these system variables. Each of the system variables $A_INSI[1...192] can
be assigned any safety--related output signal or the AND logic operation of several
signals using axis--specific MD $MA_SAFE_xxx_OUTPUT. These system
variables can only be read by the user program.

© Siemens AG 2015 All Rights Reserved

8-538 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

Parameterizing example:
-- $MA_SAFE_CAM_PLUS_OUTPUT[0] = 04010101H
=> the SGA ”SN1+” can be evaluated in the SPL using the system variable
$A_INSI[1].
Programming example:
; copying an SGA from the internal SPL interface into the ext. SPL
interface

N1010 IDS = 01 DO $A_OUTSE[1] = $A_INSI[1]

These system variables can only be read by the user program.

System variable $A_INSE[1...192]

The system variables $A_INSE contain the input circuit of the NCK--SPL.

System variable $A_INSED[1...6]

Image of the safety input signals (external NCK interface).
$A_INSED[1] corresponds to $A_INSE[1...32]
$A_INSED[2] corresponds to $A_INSE[33...64]
$A_INSED[3] corresponds to $A_INSE[65...96]
$A_INSED[4] corresponds to $A_INSE[97...128]
$A_INSED[5] corresponds to $A_INSE[129...160]
$A_INSED[6] corresponds to $A_INSIE[161...192]

System variable $A_INSID[1...6]

The status signals of the NCK monitoring channel can be evaluated in the NCK--
SPL in a double--word--serial fashion using this system variable:
$A_INSID[1] corresponds to $A_INSI[1...32]
$A_INSID[2] corresponds to $A_INSI[33...64]
$A_INSID[3] corresponds to $A_INSI[65...96]
$A_INSID[4] corresponds to $A_INSI[97...128]
$A_INSID[5] corresponds to $A_INSI[129...160]
$A_INSID[6] corresponds to $A_INSI[161...192]
These system variables can only be read by the user program.

System variables $A_OUTSE[1...192]

The system variables $A_OUTSE contain the outputs of the NCK--SPL.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-539
Data Description 10/15
8.7 System variables

System variables $A_OUTSI[1...192]

The control signals of the NCK monitoring channel can be addressed from the
NCK--SPL using these system variables. Each of the system variables
$A_OUTSI[1...192] can be simultaneously assigned any one or several safety--
related input signals by using the axis--specific MD $MA_SAFE_xxx_INPUT.
Parameterizing example:
-- $MA_SAFE_VELO_SELECT_INPUT[0] = 04010204H
=> The SGE ”SG selection, bit 0” is controlled in the SPL using the system
variable $A_OUTSI[36].
Programming example:
; SGA ”cam 1+” (refer above) controls the SG selection
;
N1020 IDS = 02 DO $A_OUTSI[36] = $A_INSI[1]

These system variables can be read by the user program and written into by
SAFE.SPF.

System variable $A_OUTSID[1...6]

The control signals of the NCK monitoring channel can be addressed in the NCK--
SPL in a double--word--serial fashion using these system variables:
$A_OUTSID[1] corresponds to $A_OUTSI[1...32]
$A_OUTSID[2] corresponds to $A_OUTSI[33...64]
$A_OUTSID[3] corresponds to $A_OUTSI[65...96]
$A_OUTSID[4] corresponds to $A_OUTSI[97...128]
$A_OUTSID[5] corresponds to $A_OUTSI[129...160]
$A_OUTSID[6] corresponds to $A_OUTSI[161...192]
These system variables can only be read by the user program.
These system variables can be read by the user program and written into by
SAFE.SPF.

System variable $A_OUTSED[1...6]

The external status signals can be addressed by the NCK--SPL in a double--word--
serial fashion using these system variables:
$A_OUTSED[1] corresponds to $A_OUTSE[1...32]
$A_OUTSED[2] corresponds to $A_OUTSE[33...64]
$A_OUTSED[3] corresponds to $A_OUTSE[65...96]
$A_OUTSED[4] corresponds to $A_OUTSE[97...128]
$A_OUTSED[5] corresponds to $A_OUTSE[129...160]
$A_OUTSED[6] corresponds to $A_OUTSE[161...192]
These system variables can be read by the user program and written into by
SAFE.SPF.

© Siemens AG 2015 All Rights Reserved

8-540 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

System variables $A_MARKERSI[1...192]

Up to 192 status bits of the SPL can be flagged using these system variables. The
markers are read and written directly into the NCK--SPL.
Programming example:
N1030 IDS = 03 DO $A_MARKERSI[2] = $A_OUTSI[1] AND $A_INSE[2]
N1040 IDS = 04 DO $A_OUTSE[1] = $A_MARKERSI[2]

System variable $A_MARKERSID[1...6]

The SPL status bits can be addressed in a word--serial fashion using these system
variables.
$A_MARKERSID[1] corresponds to $A_MARKERSI[1...32]
$A_MARKERSID[2] corresponds to $A_MARKERSI[33...64]
$A_MARKERSID[3] corresponds to $A_MARKERSI[65...96]
$A_MARKERSID[4] corresponds to $A_MARKERSI[97...128]
$A_MARKERSID[5] corresponds to $A_MARKERSI[129...160]
$A_MARKERSID[6] corresponds to $A_MARKERSI[161...192]

System variables $A_TIMERSI[1...16]

Up to sixteen timers can be programmed using these system variables.
Programming example:
; set marker once after two seconds, reset the timer value and stop
the timer.
N1050 IDS = 05 WHENEVER $A_TIMERSI[1] > 2.0 DO
$A_TIMERSI[1] = 0.0 $A_TIMERSI[1] = -1.0
$A_MARKERSI[2] = 1

System variable $A_STATSID

This system variable can be using in the NCK--SPL to evaluate whether, in the
crosswise data comparison between NCK and PLC, an error was detected in the
two--channel control/processing of the control and status signals. This gives the
user the opportunity to respond to this error with specific synchronous actions.

Bit 0... 5=1: Error in I/O signals, markers or dynamic data of the
F_SENDDP--/F_RECVDP communication.
Bit 26=1: PROFIsafe communication error occurred.
Bit 27=1: Error in CDC static data.
Bit 28=1: Crosswise data comparison error ”SPL protection status” (status
$MN_PREVENT_SYNACT_LOCK not equal to DB18.DBX36.0
(SPL READY)).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-541
Data Description 10/15
8.7 System variables

Bit 29=1: Time error in the communications between NCK and PLC (in 5s,
all ext. NCK--SPL outputs are set to zero, the PLC goes to stop).
Bit 30=1: PLC signals a stop to the NCK.

Programming example:
; for CDC error ext. set output
N1060 IDS = 06 WHENEVER $A_STATSID <> 0 DO $A_OUTSE[1] = 1
These system variables can only be read by the user program.

System variable $A_CMDSI[1]

This system variable can be used to increase the time up to 10 s monitoring the
signal changes in the crosswise data comparison between NCK and PLC.
This means that signal differences between the NCK and PLC system variables
can be tolerated for up to 10s without Alarm 27090 being output.
This system variable can be read and written into by the user program.

System variable $A_LEVELSID

This system variable is used to display the stack level of the signal change moni-
toring in the crosswise data comparison between NCK and PLC. This variable in-
dicates the current number of signals to be checked by the crosswise data compa-
rison function.

System variables $A_xxxP(D)

Images (mapping) of the PLC--SPL interface and markers are provided to make it
easier to commission the SPL. The system variables are updated in the same
clock cycle as the crosswise data comparison between the NCK and the PLC.
These system variables can only be accessed reading.
These system variables may only be used in the commissioning phase.
As soon as commissioning has been signaled as completed, access to these
system variables is blocked. If these program commands are processed, Alarm
17210 is output to indicate an error condition.

System variables $A_INSIP[1...192]

Images of the PLC--side internal SPL input signals (status signals from the drive
monitoring channel) can be read using these system variables.
Associated DB18 values: DB18.DBX54.0 ... DBX61.7 ([1...64])
DB18.DBX304.0 ... DBX319.7 ([65...192])

© Siemens AG 2015 All Rights Reserved

8-542 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

System variable $A_INSIPD[1...6]

Images of the PLC--side internal SPL input signals (status signals from the drive
monitoring channel) can be read in a double--word--serial fashion (32 bit) using
these system variables.
Associated DB18 values: DB18.DBD54, DBD58

System variables $A_OUTSIP[1...192]

Images of the PLC--side internal SPL output signals (control signals to the drive
monitoring channel) can be read using these system variables.
Associated DB18 values: DB18.DBX62.0 ... DBX69.7 ([1...64])
DB18.DBX320 ... DBX335.7 ([65...192)]

System variable $A_OUTSIPD[1...6]

Images of the PLC--side internal SPL output signals (control signals to the drive
monitoring channel) can be read in a double--word--serial fashion (32 bit) using
these system variables.
Associated DB18 values: DB18.DBD62, DBD66

System variables $A_INSEP[1...192]

Images of the PLC--side external SPL input signals (control signals to the PLC--
SPL) can be read using these system variables.
Associated DB18 values: DB18.DBX38.0 ... DBX45.7 ([1...64])
DB18.DBX272.0 ... DBX287.7 ([65...192])

System variable $A_INSEPD[1...6]

Images of the PLC--side external SPL input signals (control signals to the PLC--
SPL) can be read in a double--word--serial fashion (32 bit) using these system
variables.
Associated DB18 values: DB18.DBD38, DBD42

System variables $A_OUTSEP[1...192]

Images of the PLC--side external SPL output signals (status signals from the PLC--
SPL) can be read using these system variables.
Associated DB18 values: DB18.DBX46.0 ... DBX53.7 ([1...64])
DB18.DBX288.0 ... DBX303.7 ([65...192])

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-543
Data Description 10/15
8.7 System variables

System variable $A_OUTSEPD[1...6]

Images of the PLC--side external SPL output signals (status signals from the PLC--
SPL) can be read in a double--word--serial fashion (32 bit) using these system
variables.
Associated DB18 values: DB18.DBD46, DBD50

System variables $A_MARKERSIP[1..192]

Images of the PLC--side SPL markers can be read using these system variables.
Associated DB18 values: DB18.DBX70.0 ... DBX77.7 ([1...64])
DB18.DBX416 ... DBDX413.7 ([65...192])

System variable $A_MARKERSIPD[1...6]

Images of the PLC--side SPL markers can be read in a double--word--serial fashion
(32 bit) using these system variables.
Associated DB18 values: DB18.DBD70, DBD74

System variable $A_PLCSIIN[1..96]

Single--channel direct communication between NCK and PLC--SPL. Signals can be
written by the PLC and read by the NCK.

System variable $A_PLCSIOUT[1..96]

Single--channel direct communication between NCK and PLC--SPL. Signals can be
read by the PLC and read and written by the NCK.

System variable $AC_SAFE_SYNA_MEM

Variable $AC_SAFE_SYNA_MEM contains the number of free synchronizing
action elements Safety Integrated. The number before and after SAFE.SPF has
run is read in order to determine the value of the required elements. The difference
between the two values is then the number that (with a safety margin) must be
entered into machine data $MC_MM_NUM_SAFE_SYNC_ELEMENTS.

© Siemens AG 2015 All Rights Reserved

8-544 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

System variable $A_FSDP_ERR_REAC

The response when a communication error occurs is set using the system variable.
Depending on the actual interdependency of the two plant/system components
involved, the response to a communication error, caused by a communication path
error or by consciously switching off one the plant/system components can be
specifically entered.
0 = Alarm 27350 + STOP D/E
1 = Alarm 27350
2 = Alarm 27351 (only display, self--clearing)
3 = No system reaction
Note
The user interface is set in all cases:
$A_FSDP_ERROR = 1
$A_FSDP_SUBS_ON = 1
$A_FSDP_DIAG corresponding to the detected communication error
Whether initiated as fault response Stop D or Stop E, can be parameterized using:
NCK: $MN_SAFE_SPL_STOP_MODE
PLC: DB18.DBX36.1
Default value: After the control boots, initially, the values saved in MD
$MN_SAFE_SDP_ERR_REAC become active.

System variable $A_FSDP_ERROR

The system variable is used to indicate that there is a communication error. The
error cause determined by F_SENDDP is contained in the diagnostics data
$A_FSDP_DIAG.
0 = Normal mode
1 = Communication error

System variable $A_FSDP_SUBS_ON

The system variable is used to indicate that substitute values are output to the
application at F_RECVDP (receiver).
0 = output of process values
1 = output of substitute values

System variable $A_FSDP_DIAG

The system variable is used to indicate the cause of the communication error
determined by F_SENDDP.
Bit 0 -- 3: Reserved
Bit 4: 1 = timeout detected
Bit 5: 1 = sequence number error detected
Bit 6: 1 = CRC error detected
Bit 7 -- 12: Reserved
Bit 13: 1 = Discrepancy in the F telegram data (TelegramDiscrepancy)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-545
Data Description 10/15
8.7 System variables

Bit 14: 1 = sign--of--life monitoring (LifeSign)

Bit 15: 1 = Asynchronous fault state (StateFault)

System variable $A_FRDP_SUBS

Substitute values that are output to the SPL in the following states are entered
using the system variable:
-- start of cyclic communication
-- communication error
Changes to the substitute values always become effective in the next F_DP clock
cycle, even during a fault situation.
Default value: After the control boots, initially, the values saved in MD
$MN_SAFE_RDP_SUBS become active.

System variable $A_FRDP_ERR_REAC

The response when a communication error occurs is set using the system variable.
Depending on the actual interdependently of the two plant/system components
involved, the response to a communication error, caused by a communication path
error or by consciously switching off one the plant/system components can be
specifically entered.
0 = Alarm 27350 + Stop D/E
1 = Alarm 27350
2 = Alarm 27351 (only display, self--clearing)
3 = No system reaction
Note
The user interface is set in all cases:
$A_FRDP_ERROR = 1
$A_FRDP_SUBS_ON = 1
$A_FRDP_DIAG corresponding to the detected communication error
SPL inputs $A_INSE correspondingly to $A_FRDP_SUBS
Whether initiated as fault response Stop D or Stop E, can be parameterized using:
NCK: $MN_SAFE_SPL_STOP_MODE
PLC: DB18.DBX36.1
Default value: After the control boots, initially, the values saved in MD
$MN_SAFE_SDP_ERR_REAC become active.

System variable $A_FRDP_ERROR

The system variable is used to indicate that there is a communication error. The
error cause determined by F_RECVDP is contained in the diagnostics data
$A_FRDP_DIAG.
0 = Normal mode
1 = Communication error

© Siemens AG 2015 All Rights Reserved

8-546 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Data Description
8.7 System variables

System variable $A_FRDP_SUBS_ON

The system variable is used to indicate that substitute values are output to the
application.
0 = output of process values
1 = output of substitute values

System variable $A_FRDP_ACK_REQ

The system variable is used to signal that after a communication error, cyclic F
telegrams are again cyclically exchanged error--free -- and to acknowledge the
error and to output the process values, a user acknowledgment is still required via
the interface signal DB18.FRDP_ACK_REI or a channel_1 reset.

System variable $A_FRDP_DIAG

The system variable is used to indicate the cause of the communication error
determined by F_RECVDP.
Bit 0 -- 3: Reserved
Bit 4: 1 = timeout detected
Bit 5: 1 = sequence number error detected
Bit 6: 1 = CRC error detected
Bit 7 -- 12: Reserved
Bit 13: 1 = Discrepancies in the F telegram data (TelegramDiscrepancy)
Bit 14: 1 = Sign--of--life monitoring (LifeSign)
Bit 15: 1 = Asynchronous fault state (StateFault)

System variable $A_FRDP_SENDMODE

The system variable is used to indicate the actual operating mode of the F--CPU of
the F_SENDDP communication partner:
1: The F--CPU is in the deactivated safety mode
0: The F--CPU is in the safety mode
Note
For SINUMERIK 840D sl, the deactivated safety mode corresponds to the SPL
commissioning mode ($MN_PREVENT_SYNACT_LOCK == 0 or DB18.DBX36.0
== 0).

Note
Write access operations to all named system variables are only possible from the
program saved in program file /_N_CST_DIR/_N_SAFE_SPF reserved for the
SPL. Access operations from other programs are flagged as an error with Alarm
17070.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 8-547
Data Description 10/15
8.7 System variables

Space for your notes

© Siemens AG 2015 All Rights Reserved

8-548 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Commissioning 9
Warning
! After hardware and/or software components have been changed or replaced, it is
only permissible to boot the system and activate the drives when the protective
devices are closed. Personnel shall not be present within the danger zone.
Depending on the change or replacement, it may be necessary to carry out a new,
partial or complete acceptance test (refer to Chapter 9.5 Acceptance report).
Before persons may re--enter the hazardous area, the drives should be tested to
ensure that they exhibit stable behavior by briefly moving them in both the plus
and minus directions (+/--).
This is especially important specifically for high--speed linear or torque motors.

Note
The function ”safe software limit switch” (SE) is also called ”safe limit positions”
and the function ”safe software cams” (SN) is also called ”safe cams”.

Warning
! If SI functions SH, SBH or SG have been enabled, then they become operational
after the control system has booted (basic display on screen). For the SE and SN
functions safety--related position evaluation is only possible after safety--related
referencing has been successfully completed.

Warning
! Protection of operating personnel must be the primary consideration when
configuring machine data for SINUMERIK Safety Integrated. This is this reason
that the parameterizable tolerances, limit values and delay times should be
determined and optimized during the commissioning phase dependent on the
machine design and arrangement.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-549
Commissioning 10/15
9.1 Pictures of the user interface and softkeys

9.1 Pictures of the user interface and softkeys

Configuring safety--related functions

The ”Commissioning” operating area is selected.

Overview
By pressing the ”Safety” softkey, you go to the first overview screen ”Safety
operating mode: SINUMERIK Safety Integrated (SPL)”.

Figure 9-1 Overview: Safety operating mode SINUMERIK Safety Integrated (SPL)

A new vertical softkey bar is opened using softkey ”>>” (overview 2).

© Siemens AG 2015 All Rights Reserved

9-550 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.1 Pictures of the user interface and softkeys

Figure 9-2 Overview: Safety operating mode SINUMERIK Safety Integrated (SPL)

You can go to the extended horizontal softkey bar by pressing softkey ”<<” and the
menu advance key ”>” (overview 3).

Figure 9-3 Overview: Safety operating mode: SINUMERIK Safety Integrated (SPL)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-551
Commissioning 10/15
9.1 Pictures of the user interface and softkeys

The most important information about the active functions is displayed in the
”Overview” window:
S Axis/drive
All NC axes and drives in the system are displayed.
S Extended functions
This column displays whether and if yes, which extended functions are used for
this axis or this drive.
S Basic functions
This column displays as to whether a basic function is used for this axis or for
this drive and its associated control.
S Assignment
NC axis or internal Control Unit of the drive – or a drive object exists on the
Control Unit, to which an NC axis is assigned.
S Setting SI commissioning
Indicates whether the commissioning mode is active for the drive.
S Status symbols
The parameters are evaluated through two channels. The status symbols
indicate as to whether the parameters are identical in both channels.
Green: Parameterization in the 1st and 2nd monitoring channels identical
Red: Parameterization in the 1st and 2nd monitoring channel different
You can supplement or switch over the display in the ”Overview” window:
S Using the ”Safe drives” softkey, you can toggle between the displays of
”All drives” and ”Safe drives”.
S Using the ”Confirm SI HW” softkey, you can confirm that hardware components
have been replaced after safety commissioning has been completed.
S You can change to the detailed view using the ”Details” softkey.

© Siemens AG 2015 All Rights Reserved

9-552 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.1 Pictures of the user interface and softkeys

Details

Figure 9-4 Detailed view

The most important detailed information about the active safety functions is
displayed in the ”Overview -- Details” window:
S Extended functions:
For extended functions, the settings from parameter p9501 are evaluated and
displayed for enabled functions.
S Basic functions:
For the basic functions, the settings from parameters p9601, p9602, p9652 are
evaluated and displayed if the function has been released.
S Status symbols:
The parameters are evaluated through two channels. The status symbols
indicate as to whether the parameters are identical in both channels.
Green: Parameterization in the 1st and 2nd monitoring channels identical
Red: Parameterization in the 1st and 2nd monitoring channel different
S Control:
The control of the particular safety function is displayed in the right--hand
column.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-553
Commissioning 10/15
9.1 Pictures of the user interface and softkeys

Settings
You can select the safety functions by pressing softkey ”Settings” (Fig.9-2).

Figure 9-5 Settings -- options

S In the ”Settings -- Options” window you can select and enable the safety
functions.
S The ”Evaluation factors to determine the setpoint limits” can only be activated
when an extended safety function has been set. This option can also be defined
if the commissioning mode is not active.
You can directly enter the evaluation factors as a percentage in the input fields.
Alternatively, you can go to a subsequent dialog by pressing the ”Recom-
mended values” softkey. Here, the axis machine data is always preassigned
80 % and the drive parameters 100 %. You can accept these recommended
values by pressing the ”Yes” softkey. You can exit the dialog with ”No” without
accepting the values.
S Reaction of the stop response
For NC axes you can define the reaction of the stop response here.

© Siemens AG 2015 All Rights Reserved

9-554 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.1 Pictures of the user interface and softkeys

Telegram configuration
The screen to configure the telegram is displayed by pressing the ”Telegram
configuration” softkey:

Figure 9-6 Settings -- telegram configuration

You can make the following settings in the ”Settings -- Telegram configuration”
window:
S Enable SIC/SCC
Only active for basic functions and extended functions. The following options
can be configured:
-- SIC/SCC module number
Activates the enable and setting of the SIC/SCC module number.
-- Telegram configuration (p60122)
Sets the telegram for the Safety Info Channel (SIC)/Safety Control Channel
(SCC) In this case, telegram 701 is selected.
When required, each setting in this dialog window can also be made via a para-
meter list.
The ”>>” softkey is pressed again and the settings saved.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-555
Commissioning 10/15
9.1 Pictures of the user interface and softkeys

Functions
A Safety Integrated function can be selected by pressing the ”Functions” softkey
(see Fig. 9-1):
S ”SI enc. matching” softkey
S ”SI--SBR tolerance” softkey
S ”SBH/SG” softkey
S ”SE safe endstops” softkey
S ”SN safe cams” softkey

Adapting SI encoders

Figure 9-7 Adapting SI encoders

A list is created comparing the actual values of the relevant MD and Safety MD.
The corresponding drive parameter can be selected using the ”SI drive para-
meters” softkey.
Using the ”Calculate SI encoder data” softkey, a parameterizing recommendation
for the safety MD and parameters is determined and displayed. Further, a list that
shows the actual values of the corresponding machine data is created.
When configuring two encoders, the following rules apply:
S The first encoder is always the encoder for the drive
S The second encoder is always the encoder for the NCK
S $MA_ENC_INPUT_NR[0]=1
S $MA_ENC_INPUT_NR[1]=2

© Siemens AG 2015 All Rights Reserved

9-556 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.1 Pictures of the user interface and softkeys

SI--SBR tolerance
The following display appears when pressing the ”SI--SBR tolerance” softkey:

Figure 9-8 Safe acceleration monitoring

You can scroll between the Safety Integrated drives using the ”Drive +” and ”Drive
--” softkeys.
The softkey ”Calculate SBR tol.” leads to the window where a decision can be
made whether the calculation of the tolerance of the safe acceleration monitoring
can be agreed (”Accept” softkey) or the operation is cancelled (”Abort” softkey).
Also here, the user can adapt the recommendation. The settings must be saved
using the softkey ”Confirm SI data”.
To calculate the SBR tolerance, the equations from Chapter 6.4 ”Safe acceleration
monitoring (SBR)” are used as basis. A tolerance of 20% is added to the value
determined in this fashion.
With the ”Accept” softkey, the calculated value for the safe acceleration monitoring
is accepted in machine data 36948 $MA_SAFE_STOP_VELO_TOL and parameter
p9548 SI Motion SBR accepted.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-557
Commissioning 10/15
9.1 Pictures of the user interface and softkeys

SBH/SG
The configured limits for safe operating stop and safely limited speed are displayed
using the ”SBH/SG” softkey.

Figure 9-9 SBH/SG softkey

You can scroll through the SI drives using the ”Drive +” and ”Drive –” softkeys.

© Siemens AG 2015 All Rights Reserved

9-558 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.1 Pictures of the user interface and softkeys

Safe limit positions (SE)

The configured directions and limits of the safe limit positions are displayed using
the ”SE safe endstops” softkey:

Figure 9-10 Safe software limit positions

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-559
Commissioning 10/15
9.1 Pictures of the user interface and softkeys

Safe cams (SN)

The positions and assignments of the safe cams are displayed using the ”SN safe
cams” softkey.

Figure 9-11 Safe software cam

© Siemens AG 2015 All Rights Reserved

9-560 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.1 Pictures of the user interface and softkeys

SBC
The ”Safe Brake Control” function (SBC) is used to safely control holding brakes
that function according to the closed--circuit principle (e.g. motor holding brake).
The ”SBC” softkey is reached by pressing the menu advance key. A wiring
schematic for the safe brake control is displayed.

Figure 9-12 Safe brake control

The safe brake control can be enabled or inhibited using this selection list. This
selection list is deactivated if a motor holding brake is not included in the configura-
tion (p1215).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-561
Commissioning 10/15
9.2 Procedure when commissioning the drive for the first time

9.2 Procedure when commissioning the drive for the first

time
This Chapter describes the steps that are necessary to commission the safety
functions integrated in the system. The drive--integrated safety function ”Safe
operating stop” (SH) is also used in the safety functions integrated in the system.
As a consequence, a minimum configuration of the drive--based safety function is
required. The SH function itself does not have to be enabled, but possibly a
required brake control (SBC) must be parameterized.
Commissioning SH/SBC/SS1 via the terminal control is described in detail in
Chapter 4 ”Safety Functions Integrated in the Drive”.
It is advisable to commission the machine so that at least the axes can be moved.
The safety monitoring functions can then be immediately tested after SI data has
been entered. Such a test is absolutely mandatory in order to identify any mistakes
that were made when entering the data.
The following steps must be taken in the specified sequence to commission SI
functions:

Note
If only the SH, SBC and SS1 functions are used, then commissioning is carried
out as described in the Chapter 4.7 ”Commissioning the SH, SBC and SS1
functions”.

Warning
! From SINAMICS SW2.5 and higher, the following applies:
In a system configuration, the firmware versions of the DRIVE--CLiQ components
can only differ from the versions on the CF card, if either
a) the automatic upgrade/downgrade (parameter p7826) is deactivated, or
b) components with a new firmware version can no longer be downgraded to the
status of the version available on the CF card.
Case a) is not permitted when Safety Integrated is used. The automatic
upgrade/downgrade must never be disabled when Safety Integrated is used.
(automatic firmware update (p7826) must be equal to 1)
Case b) is only permissible if this combination has been explicitly approved by the
manufacturer.

© Siemens AG 2015 All Rights Reserved

9-562 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.2 Procedure when commissioning the drive for the first time

Step 1:
Enable option
S Starting screen ”Commissioning/NC/Safety--Integrated”: Set the password
(at least the machine manufacturer password)
S ”General machine data” screen:
Set the options

Step 2:
Commissioning PROFIsafe (Chapter 7.2.5 ”Parameterizing PROFIsafe commu-
nications (NCK)”) and the associated PROFIsafe I/O.
Commissioning safety--related CPU--CPU communication (F_DP communication)
(Chapter 7.4.1 ”Configuring and parameterizing the F_DP communication”)
Commissioning the safety programmable logic (Chapter 7.5.5 ”Starting the SPL”).

Step 3:
In the screen ”Axis--specific machine data”, set the function enable bits (MD36901
$MA_SAFE_FUNCTION_ENABLE and MD36902 $MA_SAFE_IS_ROT_AX) of all
axes for which the safety--related motion monitoring functions are to be used.
Alternatively, the machine manufacturer can completely commission the axis--
specific safety functions axis--for--axis.
Entering and checking the monitoring clock cycle.
S ”General machine data” screen:
Enter the factor for the monitoring clock cycle in data $MN_SAFETY_SYSC-
LOCK_TIME_RATIO (see Chapter 5.1 ”Monitoring clock cycle” and Chapter 5.2
”Crosswise data comparison”).
S The actual monitoring time is immediately displayed in data $MN_INFO_SA-
FETY_CYCLE_TIME.

Note
Before the next NCK RESET is initiated, you must copy the actual monitoring
clock cycle to parameter p9500 ”SI Motion monitoring clock cycle” of the drive
using softkey ”Copy SI data” in the ”Drive configuration” screen.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-563
Commissioning 10/15
9.2 Procedure when commissioning the drive for the first time

Note regarding axis assignment

Note
The drives must be assigned to the axis due to the degrees of freedom that exist
for the PROFIdrive telegram configuring -- also in the SI machine data.
This is the reason that the recommendations when configuring the drive
configuration also apply when configuring Safety Integrated:
S Using the standard configuration and the recommended logical basis
addresses in STEP7.
S No re--parameterization of the selected list of drive objects in drive parameter
p0978.
Under these prerequisites, the following cases can occur:
a) If the drive assignment was left at the standard value via machine data
MD30110 $MA_CTRLOUT_MODULE_NR, MD30220
$MA_ENC_MODULE_NR[0/1] and MD13050 $MN_DRIVE_LOGIC_ADDRESS,
then also the drive assignment in MD36906
$MA_SAFE_CTRLOUT_MODULE_NR and MD10393
$MN_SAFE_DRIVE_LOGIC_ADDRESS must not be changed.
b) If the drive assignment was changed using the machine data MD30110:
$MA_CTRLOUT_MODULE_NR and MD30220: $MA_ENC_MODULE_NR[0/1],
then MD36906: $MA_SAFE_CTRLOUT_MODULE_NR should be parameterized
to the same value as for MD30110: $MA_CTRLOUT_MODULE_NR
c) If the drive assignment was made by interchanging the logical drive addresses
in MD13050: $MN_DRIVE_LOGIC_ADDRESS, then the same marshalling should
also be made in MD10393: $MN_SAFE_DRIVE_LOGIC_ADDRESS.
Example: Drives 1 and 2 were exchanged by interchanging MD13050, index 0 and
1. MD13050[0] was parameterized to 4140 and MD13050[1] was parameterized to
4100. Then, indices 0 and 1 of MD10393 must also be interchanged, i.e. 10393[0]
must be set to 6724 and MD10393[1] must be set to 6700.

The user is provided with support when assigning axes under the HMI path
”Commissioning/Drive system/Drive units/PROFIBUS connection”.

© Siemens AG 2015 All Rights Reserved

9-564 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.2 Procedure when commissioning the drive for the first time

Step 4:
Commissioning the SH/SBC/SS1 functions integrated in the drive.

Note
The parameters of the safety functions integrated in the drive have their own
password protection that is however de--activated before commissioning.
In the SINUMERIK environment we recommend that this password protection is
not activated as the complete commissioning area is password protected.
The procedure to change the SI password is described in Chapter 4.7.2
”Sequence for commissioning SH, SBC and SS1”

S In the drive, the SI commissioning mode must be selected. If an attempt is

made to change the SI parameters without being in the commissioning mode,
then the drive rejects this with a message. A prerequisite for the commissioning
mode is that the pulses have been cancelled for all of the drives. For all drives,
the commissioning mode is selected using the softkey ”Activate drive commis-
sioning” in the screen ”Safety Integrated”. When pressing this softkey, from the
HMI, 95 is written into every drive parameter p0010, if:
-- In the associated NC axis, MD36901 $MA_SAFE_FUNCTION_ENABLE has
a value not equal to 0, or
-- In drive parameter p9501 ”SI enable safety--related functions” there is a
value not equal to 0.
S Using the softkey ”Activate drive commissioning”, the user can also pre--assign
PROFIsafe addresses using parameter p9810: SI PROFIsafe address (Motor
Module).
S Parameterize the functions integrated in the drive in the ”Drive machine data”
screen. These especially include:
-- Function enable SBC (p9602/p9802)
-- Forced checking procedure timer p9659 = 9000 when using Safety
Sinumerik
also possibly
-- PROFIsafe address, if it hasn’t already been set using the softkey ”Activate
drive commissioning”
-- CRC via the SI functions integrated in the drive (this is also realized using
the softkey ”Deactivate drive commissioning”, see the next point)
S Setting the CRC and saving the parameterization that was just made is simulta-
neously carried--out for all drives using the softkey ”Deactivate drive commis-
sioning”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-565
Commissioning 10/15
9.2 Procedure when commissioning the drive for the first time

Step 5:
Set the monitoring function for all of the axes to be safely monitored.
Enter the following in the specified sequence in the ”axis--specific machine data”
screen:
1. Axis characteristics (rotary or linear axis)
2. Measuring--circuit assignment, i.e. which encoder will supply the safety actual
value, what are the characteristics of this encoder and how it is mechanically
mounted.
3. Monitoring limit values and tolerances
4. Changeover and monitoring times
5. Stop responses after a monitoring function has responded
6. Assignment of safety--relevant inputs and outputs, i.e. which sources are sup-
plying the control signals for the NC monitoring channel and where do the feed-
back signals go (for the drive monitoring channel, this logical assignment must
be programmed in the PLC, i.e. there are no corresponding drive parameters).

Step 6:
Set the monitoring and save the data for all of the associated drives.
Here, almost all data entered under Step 6 are again entered in the ”Drive machine
data” screen. When the softkey ”Copy SI data” in the ”Safety Integrated” screen is
pressed, the settings from Step 5 are automatically entered, with the exception of
Points 2 and 6. Point 2 cannot be copied because the drive always operates with
the motor encoder and for a two--encoder system, has other characteristic data
than the encoder evaluated from the NC. The 6th is not applicable on the drive
side. The following operating steps are therefore involved:
1. Press the softkey ”Copy SI data” in the screen ”Safety Integrated”.
2. For each drive, enter the encoder configuration using the softkey ”Adapt SI
encoder”. At the same time, the data, copied under Point 1 in Step 6 can be
subject to a visual check.
3. Initiate an NCK and drive reset using the appropriate softkey. In this case,
component IDs are also transferred from the drive to the NCK.
4. Press the softkey ”Acknowledge SI data” in the ”Drive configuration” screen.
A dialog box describing the function of the softkey then appears: After acknowl-
edging with ”OK”, the actual checksum of the safety--related data is then saved
in both monitoring channels and monitored for changes from this point onwards.
Further, drive data is automatically saved in a non--volatile fashion.
5. A dialog box is displayed on the screen requesting you to perform an accept-
ance test. You must acknowledge this dialog box. Now carry out the NCK reset
and drive reset that are listed.
6. Activate SPL protection.

© Siemens AG 2015 All Rights Reserved

9-566 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.2 Procedure when commissioning the drive for the first time

Step 7:
Issue a user agreement (see Chapter 5.4.4, ”User agreement”)
S The safe limit positions and safe cams are now activated (provided that they
have been enabled, refer to Chapter 5.5, ”Enabling safety--related functions”).
This step can be omitted if you do not wish to use either of these functions.
S The key--operated switch must be set to position 3 in order to issue a user
agreement.

Step 8:
Carry out the acceptance test and enter in the logbook.
S All of the safety functions that have been enabled must be tested. For sugges-
tions on how to test activated SI functions, please refer to Chapter 9.5.2,
”Acceptance test” and/or 9.5 ”Acceptance report”.
S The parameterization of all PROFIsafe I/O components should be checked
using a function test and checking the printout of the hardware configuration
from SIMATIC Step 7.

Step 9:
S Save all machine data using the ”Services” area. This data can be used to
commission series equipment.
S Save (back--up) the complete SIMATIC Step7 project.

Warning
! After the acceptance test has been completed, all illegal (old) MD files must be
removed from the Flashcard (to avoid confusion between old and new data).
Data that corresponds to the acceptance test data must be backed--up (archived).

Step 10:
Delete (clear) the password in order to prevent the unauthorized change of
machine data.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-567
Commissioning 10/15
9.3 Series commissioning

9.3 Series commissioning

The setting for the safety monitoring functions is automatically transferred with
other data in the course of a normal series commissioning process. The following
steps need to be taken in addition to the normal commissioning procedure:
1. Enter a user agreement
2. Carry out the acceptance test

Sequence of operations for series commissioning

The following sequence of operations is recommended when commissioning series
equipment:
S Download the data set for the series machine into the control.
S Adjust the absolute encoder.
S Carry out a POWER ON.
This ensures that any errors -- i.e. deviations in the data content that may exist
between the NCK and drive -- will be detected by the checksum check and
crosswise data comparison.
Data must be checked if an error is detected. Cross check errors on the hard-
ware--related cross checksums (Alarm 27035, message F01680 with ID 2) or
Alarm 27032 are normal if the series commissioning data come from another
machine. These errors can be removed using the ”Confirm SI--HW” softkey
(see Chapter 9.6 ”Motor replacement or encoder replacement”).
If an error no longer occurs, then data has not been changed and is identical
to the acceptance test data. The copy function may be used if data is sub-
sequently altered.
S Carry out random function tests.
The tests are required for acceptance of the new machine.

Software/hardware upgrade

Warning
! Please carefully read the instructions in the relevant Update Manual before
updating the software.

© Siemens AG 2015 All Rights Reserved

9-568 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.3 Series commissioning

Warning
! From SINAMICS SW2.5 and higher, the following applies:
In a system configuration, the firmware versions of the DRIVE--CLiQ components
can only differ from the versions on the CF card, if either
a) the automatic upgrade/downgrade (parameter p7826) is deactivated, or
b) components with a new firmware version can no longer be downgraded to the
status of the version available on the CF card.
Case a) is not permitted when Safety Integrated is used. The automatic
upgrade/downgrade must never be disabled when Safety Integrated is used.
(automatic firmware update (p7826) must be equal to 1)
Case b) is only permissible if this combination has been explicitly approved by the
manufacturer.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-569
Commissioning 10/15
9.4 Changing machine data

9.4 Changing machine data

The user must enter the correct password before he can change the machine data
for SI functions to the system. After data for SI functions has been altered, a new
acceptance test must be carried out on the SI function(s) involved and then
recorded and confirmed in the acceptance report.

Change report
Changes made to NCK machine data important for Safety Integrated are recorded
in a display data. The time that the change is made is displayed in
an axis 36996 $MA_SAFE_CONFIG_CHANGE_DATE[0...6] and
an NCK--MD13316 $MN_SAFE_GLOB_CFG_CHANGE_DATE[0...6].
This MD can neither be overwritten by manual entry nor by loading an MD archive.
The only way to delete this MD is to boot the control from the general reset mode
(service switch position 1).
This data is updated when the following changes are made to the NCK machine
data:
S A modified safety MD configuration is activated
(NCK--Safety--MD have been changed and acknowledged by correction of
$MA_SAFE_DES_CHECKSUM or $MN_SAFE_GLOB_DES_CHECKSUM).
Changes, depending on the modified MD context (axis--specific MD or NCK--
MD), are listed in MD $MN_SAFE_GLOB_CONFIG_CHANGE_DATE or in MD
$MA_SAFE_CONFIG_CHANGE_DATE.
S Changes in the S7 configuration regarding PROFIsafe--relevant parameters.
These are all of the values that go into the PROFIsafe CRC1 (e.g. PROFIsafe
source and target address, PROFIsafe monitoring time). Changes are listed in
MD $MN_SAFE_GLOB_CONFIG_CHANGE_DATE.
S When MD $MA_SAFE_FUNCTION_ENABLE is changed from values not equal
to zero to zero, or from zero to values not equal to zero. These changes mean
that the safety functionality of an axis is completely enabled/disabled. Changes
are listed in MD $MN_SAFE_CONFIG_CHANGE_DATE.
Other changes to MD $MA_SAFE_FUNCTION_ENABLE (selecting/deselecting
individual safety functions) always change MD $MA_SAFE_ACT_CHECKSUM,
which themselves have to be acknowledged by changes to MD
$MA_SAFE_DES_CHECKSUM. Changes are listed in MD $MA_SAFE_CON-
FIG_CHANGE_DATE.
S When MD $MA_SAFE_FUNCTION_ENABLE is changed by reducing the
safety option. If the scope of axis--specific safety functions is enabled for more
axes than are set in the safety option data, the function enable for the excess
number of axes is automatically cancelled again when the control boots. This
deletion is noted in MD $MA_SAFE_CONFIG_CHANGE_DATE. This proce-
dure is associated with the initiation of alarm 8041 ”Axis %1: MD %2 reset, the
associated option is not sufficient” This alarm disappears at the next power on,
however the entry in MD $MA_SAFE_CONFIG_CHANGE_DATE is kept.

© Siemens AG 2015 All Rights Reserved

9-570 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.4 Changing machine data

S Loading an MD archive that is different to the currently active NCK--MD set.

S When upgrading (corresponds to downloading an MD archive)
S Series commissioning (corresponds to downloading an MD archive)

Boundary conditions
Changes to the MD configuration are only noted/documented when the change
becomes active, i.e. after altering MD $MA_SAFE_DES_CHECKSUM /
$MN_SAFE_GLOB_DES_CHECKSUM and a subsequent power on.
When a commissioning archive is downloaded, then in a first step, a change is
noted in the change history. If the currently active safety configuration is saved in
this commissioning archive (=> effectively no change to the safety configuration),
then the change that was previously entered is withdrawn. This is realized by
copying the data $MA_SAFE_CONFIG_CHANGE_DATE[1] to [0], [2] to [1], [3] to
[2], [4] to [3], [5] to [4], [6] to [5]. Is entered into $MA_SAFE_CON-
FIG_CHANGE_DATE[6] as date ”00/00/0000 00:00:00”. The same is true for the
entries in MD $MN_SAFE_GLOB_CONFIG_CHANGE_DATE.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-571
Commissioning 10/15
9.5 Acceptance test

9.5 Acceptance test

9.5.1 General information

The requirements associated with an acceptance test can be derived from the EU
Machinery Directive. Accordingly, the machine manufacturer (OEM) is responsible
for the following:
S to carry out an acceptance test for safety--related functions and machine parts,
and
S to issue an ”Acceptance certificate” that includes the results of the test.
When using the Safety Integrated function, the acceptance test is used to check
the correct configuring of the SI monitoring functions used in the NCK, PLC and
drive. The test objective is to verify the correct implementation of the defined
safety functions, to check the implemented test mechanisms (forced checking pro-
cedure measures) and to examine the response of individual monitoring functions
by explicitly violating tolerance limits. This should be carried out for all safety func-
tions, i.e. for the axis--specific monitoring functions, the SPL, the safety--related
communication relationships, the safety--related I/O etc.

Warning
! The acceptance test is used to check that the safety functions have been correctly
parameterized. Using the acceptance test, potential configuring errors are to be
identified and the correct configuring documented.
The measured values (e.g. distance, time) and the system behavior determined
(e.g. initiating a specific stop) when carrying out the acceptance test are used to
check the plausibility of the configured safety functions. The measured values that
are determined are typical and are not worst--case values. They represent the
behavior of the machine at the time of measurement. The measurements cannot
be used to derive maximum distances for over--travel.

Warning
! If machine data for SI functions is changed, a new acceptance test must be
carried out for the modified SI function and recorded in the acceptance report.

Note
The acceptance test should also be carried out for the PROFIsafe I/O.

© Siemens AG 2015 All Rights Reserved

9-572 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.5 Acceptance test

Information regarding carrying out the acceptance test

S Some of the standard NC monitoring functions, such as zero speed monitoring,
software limit switches, etc. must be de--activated (monitoring limits must be
made less sensitive) before the acceptance test is carried out.
The function sequences can be acquired and listed using the servo trace
function or using the D/A converter output.
S After the SPL has been commissioned the access authorization for the NCK--
SPL (SAFE.SPF) via the user interface must be reduced to the manufacturer or
service level.
S Please refer to the information in Chapter 9.2, ”Procedure when commissioning
for the first time”.
S The acceptance report comprises checking the alarm displays and including the
alarm reports in the overall acceptance report. In order to obtain reproducible
and comparable alarm displays, MD10094 $MN_SAFE_ALARM_SUP-
PRESS_LEVEL must be set to 0 during the acceptance test in order to avoid
suppressing alarm outputs.
S For SINUMERIK 840D sl, to document a test stop that has been carried out,
it is sufficient to just log the test stop alarms of the NCK (27002); it is not abso-
lutely necessary to log the test stop alarms of the SINAMICS S120 (C01798).

Authorized person, acceptance report

The test of each SI function must be carried out by an authorized person and
logged in the acceptance report. The report must be signed by the person who
carried out the acceptance tests.
Authorized in this sense refers to a person who has the necessary technical
training and knowledge of the safety functions and is authorized by the machine
manufacturer to carry out the test.

Documentation, data archiving

The results of the acceptance test as well as all hardware and software changes
as shown in the table 9-1 should be documented in a suitable form.
In addition to the acceptance report, the following SI relevant data must be
archived:
NC machine data
Drive parameters
PLC--/NCK--SPL program
PLC project

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-573
Commissioning 10/15
9.5 Acceptance test

Necessity of an acceptance test

A full acceptance test (as described in this Chapter) must always be carried out
when the functionality of Safety Integrated is commissioned for the first time on a
machine.
Extended safety--related functionality, transferring the commissioned software to
additional series machines, modifications to the hardware, software upgrades,
changes within the scope of modular machine concepts etc. make it necessary to
carry out the acceptance test -- possibly with a reduced test scope.
In order to define a partial acceptance test, it is first necessary to describe the
individual parts.of the acceptance test and then define logical groups that re-
present the components of the acceptance test. The assignment of the safety--
relevant machine data and parameters to difference CRCs support this grouping
(e.g. to support modular machine concepts).

Recommendations for the content of a complete acceptance test

1) DOCUMENTATION
Documentation of the machine including the safety functions
1.1 Machine description (with overview)
1.2 Details about the control system
1.3 Configuration diagram
1.4 Function table
Active monitoring functions depending on the operating mode, the protective
doors and other sensors/CPU--CPU communication
Ideally, this table should be the objective and result of the configuring work.
1.5 SI functions per axis
1.6 Information about safety equipment
2) FUNCTION TEST PART 1
General function check incl. checking the wiring/programming/configuring
2.1 Test of the shutdown paths
(check the forced checking procedure of the shutdown paths)
2.2 Test of the external stop
2.3 Test of the holding torque
2.4 Test the forced checking procedure of the inputs and outputs
2.5 Test of the emergency stop function and of safety circuits
2.6 Test all SPL switching states and associated input/output signals
(test of the function table)
2.7 Test the PROFIsafe input/output signals
Recommendation:
A forced checking procedure should be automatically performed each time that the
control system boots.

© Siemens AG 2015 All Rights Reserved

9-574 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.5 Acceptance test

3) FUNCTION TEST PART 2

Detailed function test incl. checking the values of the individual SI functions used
3.1 Testing the SI function safe operating stop SBH
(in each case with evaluated measurement diagram and measured values)
3.2 Testing the SI function safely reduced speed SG
(in each case with evaluated measurement diagram and measured values)
3.3 Testing the SI function safety--related output n < nx
(in each case with evaluated measurement diagram and measured values)
3.4 Testing the SI function safe limit positions SE
(in each case with evaluated measurement diagram and measured values)
3.5 Testing the SI function safe cams SN
(check using the diagnostics display or assigned SGAs or with the evaluated
measuring diagrams and measured values)
3.6 Possibly testing the SI function external stops
(in each case with evaluated measurement diagram and measured values)
3.7 Test the SI function SBC/SBT
(in each case with evaluated measurement diagram or measured values/
PROFIsafe I/O)
4) Supplementary measures
4.1 Function test actual value acquisition
S After replacing a component, the system is switched on and briefly
operated in both directions.

Warning
! During this process, all personnel must keep out of the danger area.

S With the motion monitoring functions activated, check that the SI encoder
evaluation and count direction match the encoder evaluation and count
direction of SINUMERIK.
4.2 Check the SGE/SGA signals of the relevant module
4.3 When changing the acceleration behavior/jerk axis--specific tests of the
Function test, Part 2
4.4 Test the new safety functionality
4.5 Check the checksums and software versions, compare whether check
sums and software versions are identical, with the reference machine.
Hardware checksum 36998[1] is always different from that of the reference
machine.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-575
Commissioning 10/15
9.5 Acceptance test

5) COMPLETING THE REPORT

Documenting and reporting the tested commissioning state
5.1 Check the SI machine data
5.2 Check the hardware configuration of the PROFIsafe I/O
5.3 Check the NCK and SINAMICS software releases
5.4 Log of the checksums (axis MD / SPL / PROFIsafe I/O)
5.5 Completing the NCK commissioning (protect synchronous actions)
5.6 Completion of the PLC commissioning
5.7 Verify the data backup
APPENDIX
S Reports/measurement records for FUNCTION TEST PART 1/2
S Alarm logs/servotrace measurements (only for a conventional acceptance test)
S Archive the following SI--relevant data:
-- NC machine data
-- Drive parameters
-- PLC--/NCK--SPL program
-- PLC project

Note
The template in the toolbox is only a recommendation.
An electronic template for the acceptance report is available:
-- in the toolbox for SINUMERIK 840D sl
-- on DOConCD for SINUMERIK 840D sl
-- on the service CD for SINUMERIK 840D sl
The acceptance report is divided into the following sections:
-- Plant/system description
-- Description of the safety functions
-- Test of safety functions

© Siemens AG 2015 All Rights Reserved

9-576 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.5 Acceptance test

Effect of the acceptance test for specific measures

Table 9-1 Recommendations for the scope of the acceptance test depending on specific measures

Measure Documentation Function Function Supplemen- Report

test test tary completion
Part 1 Part 2 measures
Replacement of Inclusion of No No Point 4.1 Document
the encoder hardware data changed checksum
system (see
Chapter 9.6)
Replace an SMC, Inclusion of No No Point 4.1 Document changed
SME module hardware data/ checksum
(see Chapter 9.6) software version
data
Replacing a mo- Inclusion of No No Point 4.1 Document changed
tor equipped with hardware data/ checksum
DRIVE--CLiQ software version
(see Chapter 9.6) data
Replacing the Inclusion of Yes, only No Point 4.1 No
Motor Module hardware data/ point 2.1 and
software version 2.2
data
Replacing the Inclusion of Yes, only No Point 4.1 No
NCU hardware hardware data/ Points 2.1,
software version 2.2 and 2.5
data (without
trace
recording)
Replacing the NX Inclusion of Yes, only No Point 4.1, only No
hardware hardware data/ point 2.1 and for axes
software version 2.2 controlled by
data the NX
Hardware No No Item 4.2 No
replacement,
PROFIsafe I/O
Change system Inclusion of con- No Yes No Document changed
clock cycle figuration data checksum
(SI clock cycle
changes)
Changed system Inclusion of con- No Yes No No
clock cycle figuration data
(SI clock cycle,
IPO remains the
same)
Changed IPO Inclusion of con- No Yes No Document changed
clock cycle figuration data checksum
(checksum NCK
0 changes)
Change the Inclusion of con- No Yes No Document changed
SI clock cycle figuration data checksum

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-577
Commissioning 10/15
9.5 Acceptance test

Table 9-1 Recommendations for the scope of the acceptance test depending on specific measures

Measure Documentation Function Function Supplemen- Report

test test tary completion
Part 1 Part 2 measures
Changed PROFI- Inclusion of con- Yes, only No No Document changed
safe clock cycle figuration data Point 2.7 checksum
Changes to the Adapt configu- Yes, only No Point 4.1 Document changed
drive assignment ration diagram Point 2.6 for checksum
the changed
axes
Changed Supplement, SI Yes, only for Yes, only No Document changed
SAFE_USER_ function per the tests for the checksum
DATA axis, function ta- influenced tests
ble by the func- influenced
tion expan- by the
sion function
expansion
Reconfigured Inclusion of con- No No Only test the Document changed
PROFIsafe I/O figuration data modified confi- checksum
in S7 guration
Changed within Supplement Yes, only No No Document changed
the scope of configuration Points 2.6 checksum
”modular diagram and and 2.7
PROFIsafe” function table
Changed within Supplement Yes, only No No Document changed
the scope of configuration Points 2.6 checksum
”F_SEND/ diagram and and 2.7
F_RECEIVE” function table
Software upgrade Inclusion of soft- No 1 No 1 No 1 Document changed
Update 2 ware version checksum
(NCU/drive/PLC)
Changed jerk No 1 No 1 Yes, only Point No
and/or accelera- 4.3
tion
Software upgrade Inclusion of soft- No 1 No 1, 4 Yes, Points 4.3 Document changed
Upgrade 3 ware version and 4.4 checksum
(NCU/drive/PLC)
Software upgrade Inclusion of soft- No No No No
(HMI) ware version
Change to an Inclusion of SI No Yes, only No Document changed
individual limit function per axis test the checksum
value (e.g. SG corres-
limit) ponding
functions at
the axes
involved

© Siemens AG 2015 All Rights Reserved

9-578 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.5 Acceptance test

Table 9-1 Recommendations for the scope of the acceptance test depending on specific measures

Measure Documentation Function Function Supplemen- Report

test test tary completion
Part 1 Part 2 measures
Expanded func- Inclusion of the Yes, only for Yes, only No Document changed
tionality or new SI function per the tests for the checksum
functions (e.g. axis, function influenced tests
additional actua- table by the func- influenced
tor, additional SG tion expan- by the
level) sion function
expansion
SPL change Inclusion of the Yes, only No No Document changed
SI function per Point 2.6 checksum
axis, function
table
Data transferred Supplement Yes No Points 4.1 and Document changed
to additional machine 4.5 checksum
machines with description
series commis- (check the
sioning software
version)
1 Regarding the acceptance test, the notes in the documentation of the SW upgrade must be carefully
observed.
2 An update involves an update to a new Service Pack (SP) or a new Hotfix (HF) within a software line, e.g.
02.05.01.03 (01 = Service Pack; 03 = Hotfix) to 02.05.02.03 (does not take into account any change of the
Safety functionality).
3 An upgrade involves an upgrade to a new software release, e.g. 02.05.xx.xx to 02.06.xx.xx or 02.xx.xx.xx.
to 03.xx.xx.xx (does not take into account any change of the Safety functionality).
4 If no checksums have changed, then a complete function test, Part 2 does not have to be performed.
However, a test should be performed with reduced testing scope.

Test with reduced test scope

Test of Safety Integrated functions at any axis (each NCU and each NX) and a comparison with the test results
before the upgrade.
Note:
If the results of function test, Part 2 are taken from another identical machine, then this is the sole responsibility
of the machine manufacturer and should be appropriately commented in the acceptance report.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-579
Commissioning 10/15
9.5 Acceptance test

9.5.2 Conventional acceptance test

Procedure of the conventional acceptance test

Safety function Test initiated by Function checked Represented using

using
Forced checking proce- Test stop initiated e.g. Alarm log 27002 axis
dure of the shutdown by reducing the test stop Test stop running
paths time or separate key C01798 test stop
running (this is not
absolutely required)
Switching operations at Diagnostics display Diagnostics screen SI
the SGE/SGA status
Servo trace SGE/SGA Decoded using servo
trace bit graphics
Sequence of the test Test stop initiated e.g. Servo trace SGE/SGA De--coded using servo
stop routine for external by reducing the test stop trace bit graphics
stops time or separate key
Diagnostics display Diagnostics screen SI
status
Drive interface PLC SinuCom NC trace
recording
Forced checking proce- Test stop initiated e.g. Disconnect the feed- User error message
dure of the input/output by reducing the test stop back signal contacts or Stop D is initiated
peripherals (e.g. Emer- time or separate key jumper an SPL input
gency Stop)
Configuring/hardware SPL Diagnostic displays, Printout of the hardware
configuration of the behavior of the SPL and configuration from
PROFIsafe I/O I/O terminals, printout of SIMATIC Step 7
the hardware configura-
tion from SIMATIC
Step 7
Test the safety--related Use the safety--related Diagnostics display Diagnostics screen SI
functions (according to sensors status
the function table)
Safe operating stop Exceed the SBH limit by Servo trace: the marker functionality
(SBH) setting MD36933 to 0% (actual speed, active en- of the servo trace
-- JOG operating mode coder / and actual value,
traversing keys active encoder)
Safely reduced speed Exceed the SG limit by Servo trace: the marker functionality
(SG) setting MD36933 to 0% (actual speed, active en- of the servo trace
-- JOG operating mode coder / and actual value,
traversing keys active encoder)
SGA ”n < nx” Speed nx exceeded Servo trace: the marker functionality
(SGE/SGA and actual of the servo trace
speed, active encoder) De--coded using bit
graphics
SinuCom NC trace
recording

© Siemens AG 2015 All Rights Reserved

9-580 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.5 Acceptance test

Safety function Test initiated by Function checked Represented using

using
Safe software limit Pass the positive and Servo trace: the marker functionality
switches (SE) negative limit switches (actual speed, active en- of the servo trace
Change the SW limit coder / and actual value,
switch active encoder)

Safe software cams Pass individual cam Servo trace (SGE/SGA) the marker functionality
(SN) positions of the servo trace
Diagnostics display De--coding using bit
graphics
Drive interface PLC SinuCom NC trace
recording
SBC / SBT Test stop initiated e.g. Servo trace:
by reducing the test stop (actual value active
time or separate key encoder, torque)
F_DP communication F_DP communication Diagnostics display
interrupted e.g. by with-
drawing the PROFIBUS/
PROFINET connector
Switching operations at
the SGE/SGA

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-581
Commissioning 10/15
9.5 Acceptance test

Recommendation to measure the stopping distance/speed increase for the ac-

ceptance test

Actual speed (ideal case) *Stopping distance = response distance +

braking distance
Actual position value

The limit value is

exceeded at time t1

Response time of the system,

response at time t2
*Stopping distance

Speed increase

Active SBH limit

Braking time
to standstill at
time t3

t1 t2 t3
Tim
e

Figure 9-13 Exceeding SBH

Actual speed (ideal case) *Stopping distance = response distance +

Actual position value braking distance

The limit value is

exceeded at time t1 Speed increase

Active SG limit

*Stopping distance
Response time of the system,
response at time t2

Braking time
to standstill at
time t3

t1 t2 t3
Tim
e
Figure 9-14 Exceeding SG

© Siemens AG 2015 All Rights Reserved

9-582 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.5 Acceptance test

Actual speed (ideal case) *Stopping distance = response distance +

braking distance
Actual position value

The limit value is

exceeded at time t1

Response time of the system,

response at time t2
*Stopping distance

Speed increase

SE limit
Braking time
to standstill at
time t3

t1 t2 t3
Tim
e

Figure 9-15 Exceeding SE

9.5.3 Acceptance test support

In order to make it easier to carry out the acceptance test and standardize this,
there is the function ”Acceptance test support” in the SinuCom NC commissioning
tool”.
The objective of this acceptance support is to control the creation and administra-
tion of an acceptance report and prepare and carry out the required test steps
using the appropriate operator actions via the operator interface. The test steps
required as part of the acceptance test are not completely executed automatically
but are controlled by a skilled operator. This operator must perform the measures
associated with the test step on the system being tested. The acceptance test
support provides the following:
S Support for documenting the active monitoring functions and monitoring limit
values by exporting the appropriate machine data.
S Support for documenting the checksum values.
S Standardization of the procedure when performing the test using a pre--defined
checklist.
S The time and resources required for testing are reduced by preparing test
procedures within the system, automatic trace and evaluation techniques and it
takes less time to acknowledge SI alarms that are output.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-583
Commissioning 10/15
9.5 Acceptance test

Software requirements
The acceptance test report function is based on the interaction between the NCK/
drive and the SinuCom NC user interface. This means the use of this function
requires that these components must have a certain minimum software version.
SinuCom NC software Version 7.2 SP1
NCU system software Version 1.3
The basic functionality of the SinuCom NC software is explained within the scope
of its own documentation. This documentation also provides information about the
steps when handling the acceptance test support function, a description of the
screen forms and the menu prompting. This is the reason that this is not handled in
this documentation.
Reference: Commissioning/Service Tool SINUMERIK SinuCom NC (INC)

Scope of the test list

The test steps of the SI acceptance test, supported by the system, is based on the
previous test execution and comprises the following steps:

Designation Purpose of the test step

General information
Overview Document the machine details (e.g. manufacturer, machine type, )
Checking the forced checking procedure
Switch--off signal paths Test the forced checking procedure of the shutdown paths for the
NCK and drive. (logging NCK Alarm 27002 is sufficient.)
External stops Test the forced checking procedure of the (that are being used)
external stop responses.
Qualitative function checks
Emergency stop Test the internal Emergency Stop functionality when executed via
external stop responses and the response to the external SPL I/O.
Function inter--relationships Test all of the states relevant for the safety functions that should be
first documented within the scope of a function table or similar (inter-
dependency of sensor signals, positions, modes). In this case, the
following should be taken into account – the active monitoring
function for SI--monitored axes (internal safety functions) and the
switching state of safety--related external SPL output peripherals
(I/O).
Quantitative function checks
SBH (Safe operating stop) Test the response when provoking that the SBH limit values are
violated and define associated characteristic quantities/parameters.
SG (Safely reduced speed) Test the response when provoking that the SG limit values are
violated and define associated characteristic quantities/parameters.
SE (Safe software limit switches) Test the response when provoking that the SE limit value is violated
and define associated characteristic quantities/parameters.
SBT When the brake is closed, the drive generates an additional torque
that must not result in any axis motion.

© Siemens AG 2015 All Rights Reserved

9-584 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.5 Acceptance test

Designation Purpose of the test step

Completion
Completed The test results are saved and downloaded.
The acceptance report is generated based on the test results that
have been determined.

SI acceptance test
The following rule applies with the start of the SI acceptance test:
S The alarm suppression possibly set in MD10094 $MN_SAFE_ALARM_
SUPPRESS_LEVEL is not taken into account.

Test step, motion monitoring

With the start of a test step of the motion monitoring (e.g. SBH, SG) the following
conditions apply:
S Alarm ”Acceptance test mode active” NCK (Alarm No. 27007) and drive (Fault
No. C01799) is output.
S The setpoint velocity limiting set using MD36933 $MA_ SAFE_DES_VELO_
LIMIT is deactivated. This allows the axis to be traversed in spite of the fact that
the SBH monitoring is active or a traversing speed greater than the actual SG
monitoring without having to change the selected reference (setpoint) speed
limiting.
S SI power on alarms can be temporarily acknowledged with a reset so that after
an SBH response has been tested for an axis, an NCK reset does not have to
be initiated for the fault acknowledgment. This involves the acknowledgment
criteria for the following alarms:

Alarm No. NCK Fault No. Drive Alarm text

27010 C01707 Tolerance for safe operating stop exceeded
27023 C01701 STOP B initiated
27024 C01700 STOP A initiated

S Traversing motion is possible in spite of the external Stop C/D. This means that
it is also possible to test the active SBH monitoring state that results from an
external Stop.
S An active stop in another axis does not result in a traversing inhibit for the axis
being tested -- also for the setting MD36964 $MA_SAFE_IPO_STOP_GROUP
= 0 for this axis.
S When traversing the axes using the JOG buttons, then the set speed limits are
ignored -- such as e.g. MD32020 $MA_JOG_VELO -- and the G0 value is
activated as effective limit value (maximum axis speed).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-585
Commissioning 10/15
9.5 Acceptance test

S The single--channel software limit switches (set positions, refer to MD36100 to

MD36130) are deactivated when testing SE. This means that an axis can pass
these software limit switches without having to change the associated machine
data.

Prerequisites for the test step motion monitoring

A test step of the motion monitoring becomes active under the following conditions:
S There is no active SI power on alarm for the axis to be tested.
S The pulses of the axis to be tested are enabled.
S JOG is active as NC operating mode.
S The SI monitoring function selected when carrying out the test step is active,
i.e. if for example the SG2 test is selected as test, then if SG1 is active, the
acceptance test mode is not active.
S Both monitoring channels (NCK, drive) allow the mode to be activated. The
state that is assumed is subject to a crosswise data comparison between the
NCK and drive.
A test step is cancelled by the following conditions:
S As a result of an NCK Reset
S When an internal timer value expires, that defines the maximum time that the
state can be active.
This timer value is set in the following machine data
MD36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT (NCK) and parameter
p9558: SI Motion acceptance test mode time limit.

Trace techniques
A test is carried out prompted step--by--step using the SinuCom NC operator inter-
face. There are various trace techniques, which can be used to confirm and log as
to whether the test was successfully completed.
Text entry by the operator
A table or cell for the user documentation is provided for the test. This should then
be completed corresponding to the specifications. In addition to how the test is
initiated, the text entry includes, e.g. a description of test situations and responses
or similar.
Alarms that occur are automatically logged
Specific system and user alarms expected for the test step that are automatically
logged after the data trace function has been started. After the appropriate data
has been traced, the selection of alarms to be logged can be reduced to those
alarms that are relevant for the specific test step.

© Siemens AG 2015 All Rights Reserved

9-586 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.5 Acceptance test

Internal signal trace function

The SinuCom NC internal trace function is started when the data trace is started
and the signals, relevant for the specific test step, recorded. The trace is either
automatically ended or the user ends it for some tests (external stops, Emergency
Stop).
Specific NC machine data must be set in order that the trace function can be used.
This prepares the appropriate resources for the function. The values to be set
should be taken from the SINUMERIK SinuCom NC start--up tool.

Basic operating information and instructions

S The operator is prompted, step--by--step when carrying out a test. The following
limitations/constraints must be observed, especially for those tests that use the
internal trace function:
If a traversing direction has been selected, then this must also be taken into
account for the subsequent task. The reason for this is that the trigger
condition for the automatic data acquisition and evaluation is based on this
direction data
A procedure is initiated to activate the trace function using the button <start
data acquisition>. This can take several seconds. The signal is only acquired
after the appropriate feedback has been received in a message box.
If the trace has to be manually terminated, then this step should, if at all
possible, be made directly after the last expected signal change that is
relevant for the trace. This ensures that the relevant area is optimally
displayed in the subsequent trace display.
S For each test step, the operator must decide as to whether the test was
successfully carried out. He should make this decision based on traced and
determined data and test situations that have been carried out and docu-
mented. This can be confirmed after the test has been carried out by selecting
the appropriate results.
S The test list, provided and supported by SinuCom NC includes the basic test
steps to be carried out. Depending on the machine configuration, several tests
may not be necessary for the particular machine. This can be selected in the
basic screen of the test step. Further, there are test cases, that are required for
the machine but are not (or still not) included within the scope of the test list,
e.g. measuring the braking travel when a light barrier is obstructed, or similar.
These tests should still be manually performed.
S When generating the acceptance certificate, for documentation purposes, data
is automatically retrieved from some machine data (SI limit values, checksums,
hardware information).
Further, the results of the tests that were carried out are incorporated in the
document. The report is structured the same as the document that was pre-
viously manually created. Some sections, such as for example, the machine
overview, function table of the configured safety functions etc., that are not
standardized, are still manually incorporated in the document at a later date.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-587
Commissioning 10/15
9.6 Replacing a motor or encoder

9.6 Replacing a motor or encoder

Warning
! After hardware and/or software components have been changed or replaced, it is
only permissible to boot the system and activate the drives when the protective
devices are closed. Personnel shall not be present within the danger zone.
Depending on the change or replacement, it may be necessary to carry out a new,
partial or complete acceptance test (see Chapter 9.5 Acceptance test).
Before persons may re--enter the hazardous area, the drives should be tested to
ensure that they exhibit stable behavior by briefly moving them in both the plus
and minus directions (+/--).
It is especially important to carefully observe this for high--dynamic linear and
torque motors.

Warning
! After the measuring system has been replaced -- regardless of whether it is a
direct or an indirect system -- the relevant axis must be re--calibrated.

Note
After SI relevant hardware has been replaced, this must be acknowledged using
softkey ”Acknowledge SI HW” The procedure is logged in file
”Confirm_SI_HW.log” -- and is saved in the HMI file system
under.../user/sinumerikhmidatasafety.
Example for the structure and content of Confirm_SI_HW.log:
<Start of file>
=======================================================================
Confirm_SI_HW.log
=======================================================================
Date: <yyyy>/<mm>/<dd>
Axis/drive: <Axis/drive identifier as in axis/drive--specific HMI screen forms>
Checksum: MD36998[1], $MA_SAFE_ACT_CHECKSUM[1] = value in the hexadecimal
notation>
========================================================================
<End of file>

Description
The following information essentially refers to replacing a motor encoder. The
limitations that apply as well as the procedures are essentially the same when
replacing a direct measuring system.

© Siemens AG 2015 All Rights Reserved

9-588 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.6 Replacing a motor or encoder

When service is required (motor defective or encoder defective), it might be

necessary to completely replace the motor or just the motor encoder.
In this case, the motor encoder must be re--calibrated. This influences the behavior
of Safety Integrated if the functionality ”safe limit positions” or ”safe cams” have
been activated for the axis in question, i.e. the axis has the status ”safely refer-
enced”. Depending on which motor measuring system is used, it might be
necessary to select a different procedure.
The procedure for replacing a motor with absolute value encoder and to replace a
motor with incremental encoder are described in the following text. The end of the
Chapter discusses 2--encoder systems and encoder modules.

Boundary conditions
As mentioned above, the functionality ”safe limit positions” or ”safe cams” is active
for the axis in question.
The user agreement is set for the axis. This means that the axis has had the status
”safely referenced” at least once -- the actual position value of the NC and the SI
actual values (axis/drive) have been appropriately calibrated/aligned.
”Safe limit positions” or ”Safe cams” have been able to be used.
A motor or motor encoder has to be replaced under these general conditions.

Replacing a motor with absolute value encoder

In order to set--up the encoder, the offset between the machine zero and the zero
of the absolute encoder was determined.
The calibrated state is identified by the control using
MD34210 ENC_REFP_STATE = 2.
The important factor when replacing a motor (also without Safety Integrated) is that
a defined position reference can be established with respect to the mechanical
parts of the machine. For example, by mounting and removing the motor at a
defined mechanical position or appropriately re--calibrating the system after the
motor has been replaced.
After the old motor has been removed and the new motor installed, another actual
position value is read by the new absolute value encoder (there is no longer a
defined reference to the correctly calibrated actual position value).
Therefore the following error profile appears when the control boots:
Alarm 27001 Axis <name of the axis> fault in a monitoring channel, Code 1003,
values: NCK x, drive y.
The comparison between the saved stop position and the actual position indicates
a larger deviation than specified in MD36944 $MA_SAFE_REFP_POS_TOL or
parameter p9544 ”SI Motion actual value comparison tolerance (referencing)”
The alarm results in a STOP B followed by a STOP A (safe pulse cancellation) for
the axis involved.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-589
Commissioning 10/15
9.6 Replacing a motor or encoder

Further, the user agreement is withdrawn. This means that the axis loses the
status ”safely referenced” in connection with the Alarms 27000/C01797 axis
<name of the axis> not safely referenced.
The actual position value supplied by the new motor encoder has no reference to
the mechanical system. This means that the absolute value encoder must be
re--aligned and set--up at this point.

Note
A safety acceptance report is generally not required after a motor has been
replaced.

Re--calibration procedure
1. NCK carry out a reset

Note
After the NCK--Reset, the axis can be traversed again. Alarms 27000/C01797
”Axis not safely referenced” are still present and indicate that the functions ”safe
limit positions” and ”safe cams” are not active in this state. For example, if the
”safe limit positions” are to be used as a substitute for hardware limit switches,
then they are not functioning at this time!

2. Traverse the axis to the reference position, but first enter MD34010
REFP_CAM_DIR_IS_MINUS corresponding to the approach direction.
(MD34010 should be set = 1 if the axis is moved in the negative (minus)
direction to the reference position.)
3. Set MD34100 REFP_SET_POS to the actual value of the reference position.
4. Set MD34210 ENC_REFP_STATE = 1 to activate the calibration.
5. Select the axis that is to be calibrated on the machine control panel and press
the RESET key on the machine control panel.
6. Select the JOG/REF mode, enable the axis feed.
7. Corresponding to MD34010 REFP_CAM_DIR_IS_MINUS and the traversing
direction to the reference position, calibration should be started using the ”+” or
”– ” traversing key. (Backlash has been moved through).
8. The axis does not traverse. Instead, the offset between the correct actual value
(reference position) and the actual value -- supplied by the encoder -- is entered
in MD34090 REFP_MOVE_DIST_CORR. The actual value appears in the basic
screen and the axis signals ”referenced”. The value 2 is entered in MD34210 as
result.
Example:
MD34010=1 (minus) and the reference position was approached in the negative
(minus) direction. This means that the ”–” key must also be pressed on the
machine control panel.

© Siemens AG 2015 All Rights Reserved

9-590 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.6 Replacing a motor or encoder

9. When the absolute value encoder has been recalibrated (MD34210 from 1 -->
2), the axis changes over into the ”referenced” state. At this time, the new valid
actual position is accepted as the safe actual values (axis and drive).
10.Finally, with the JOG/REF machine mode active, on the HMI the ”user agree-
ment” softkey must be pressed and the user agreement for the axis involved
must be reset. Alarms 27000/C01797 disappear and the functions ”safe limit
position” and ”safe cams” are safely active again.

Replacing a motor with incremental encoder

The same conditions apply as when replacing a motor with absolute encoder.
To calibrate the encoder, the reference point approach is set up, e.g. using refer-
ence point cams. This means that after the zero mark has been passed when
leaving the cam, the reference point is approached according to the offsets in
MD34080 REFP_MOVE_DIST and MD34090 REFP_MOVE_DIST_CORR -- and
the value of the reference point is set in MD34100 REFP_SET_POS. After the
referencing operation, Alarm messages 27000/C01797 ”axis not safely referenced”
disappear and the functions ”safe limit positions” and ”safe cams” are safely active.
The important factor when replacing a motor (also without Safety Integrated) is that
a defined position reference can be established with respect to the mechanical
parts of the machine. For example, by mounting and removing the motor at a
defined mechanical position or appropriately re--calibrating the system after the
motor has been replaced. At this instant in time, Alarms 27000/C01797 still do not
disappear; they only disappear after the user agreement has been set.
After the old motor has been removed and the new motor installed, the following
procedure is recommended:

Re--calibration procedure
1. Boot the control or initiate NCK Reset
2. If the JOG/REF machine mode is active on the HMI, the ”user agreement” soft-
key must be pressed and the user agreement for the axis involved is withdrawn
to avoid Alarm 27001 axis <name of the axis> fault in a monitoring channel,
code 1003, values: NCK x, drive y
3. After the system has booted, the JOG/REF mode is selected and the feed
enable for the axis is issued. Carry out a reference point approach for the axis
involved.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-591
Commissioning 10/15
9.6 Replacing a motor or encoder

Note
The error at a reference point approach is no more than one revolution of the
motor (difference between two zero marks). This offset is usually not critical for the
mechanical parts of the machine. If problems arise with the traversing limits
because of the type of reference point approach, then for example, set the offset
values in MD34080/34090 to non--critical values.
Alarms 27000/C01797 ”Axis not safely referenced” are still present and indicate
that the functions ”safe limit positions” and ”safe cams” are not active in this state.
For example, if the ”safe limit positions” are to be used as a substitute for
hardware limit switches, then they are not functioning at this time!
After completion of the reference point approach, the axis goes into the
”referenced” status. However, because of the zero mark offset between the
encoders, the reference position still has to be calibrated. This means that the
position reference with respect to the mechanical system must be re--established.
The system is calibrated after measuring the difference -- usually in MD34080
REFP_MOVE_DIST or MD34090 REFP_MOVE_DIST_CORR.

4. After the reference point has been re--calibrated, the reference point approach
must be re--initiated. The axis changes over into the ”referenced’” state. At this
time, the reference point value is taken over as the safe actual value for the
axis and drive.
5. Finally, with the JOG/REF machine mode active, on the HMI the ”user agree-
ment” softkey must be pressed and the user agreement for the axis involved
must be reset. Alarms 27000/C01797 disappear and the functions ”safe limit
position” and ”safe cams” are safely active again.

Comments about 2--encoder systems

Case A
1st measuring system: Incremental motor measuring system
2nd measuring system: Absolute direct measuring system
As active measuring system via the axis interface, the 2nd position measuring
system (DBAx 1.5 = 0, DBAx 1.6 =1) is statically selected
In this case, motor replacement is straightforward because the NC reference point
position is only supplied with values from the 2nd measuring system (DMS). This
means that in this case, it is not necessary to recalibrate the motor measuring
system.
Case B
1st measuring system: Absolute motor measuring system
2nd measuring system: Incremental direct measuring system
As active measuring system via the axis interface, when booting, for monitoring
purposes, the 1st position measuring system (DBAx1.5 = 1, DBX 1.6 =0) is
selected, and then a switchover is subsequently made to the 2nd position
measuring system (DBAx 1.5 = 0, DBX 1.6 =1).

© Siemens AG 2015 All Rights Reserved

9-592 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.6 Replacing a motor or encoder

In this case, the motor must be replaced carefully observing the Description,
motor with absolute value encoder. This is because it is necessary to recali-
brate the absolute value encoder. When recalibrating the system, we recommend
that you permanently select the 1st position measuring system and the axis is only
traversed using the motor measuring system.

Replacing the encoder modules

When replacing the encoder modules (SMC, SME, DRIVE--CLiQ encoders) or
when replacing motors with integrated encoders (motor with DRIVE--CLiQ), a
change to the configuration of the safety--related components is detected, and a
request is made that a service person acknowledges this.
After at least one of these encoder components has been replaced, Alarm 27035
”Axis %1 new HW component, acknowledgment and function test required” is out-
put (changed CRC in index 1 of $MA_SAFE_ACT_CHECKSUM[ ] and possibly
Alarm F01680 with ID 2, i.e. hardware IDs have changed).
When replacing motors with integrated encoders, Alarm F01680 ”SI Motion CU:
Checksum error safe monitoring functions” is output with fault value 2 (changed
CRC of parameter p9728[2]), i.e. changed hardware identifiers). Also in this case,
an acknowledgment is required and a function test must be performed.
The term ”function test” designates a partial acceptance test that is described in
detail in the alarm description.
If Alarm 27035 or F01680 with ID 2 is output, a new softkey ”Acknowledge SI HW”
is displayed in the alarm screen. This can only be actually selected with key switch
setting 3 (the same as for the user agreement).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-593
Commissioning 10/15
9.6 Replacing a motor or encoder

Figure 9-16 Acknowledging SI HW

The following message is displayed after pressing softkey ”Ackn. HW”:

© Siemens AG 2015 All Rights Reserved

9-594 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Commissioning
9.6 Replacing a motor or encoder

Figure 9-17 Acknowledging SI HW, step 2

After acknowledging with softkey ”OK”, the actual checksums

SAFE_ACT_CHECKSUM[1] / r9728[2] for all of the axes are copied to the refer-
ence checksum SAFE_DES_CHECKSUM[1] / p9729[2] and a recommendation is
given to power on the control. This is done by pressing the ”OK” softkey.
After the system has successfully booted, the user must carry out the measures of
the function test just acknowledged in the HMI messages or in Alarm 27035 /
F01680, i.e.
-- Re--calibration of the actual value encoder
-- Checking the SI actual value acquisition: Speeds, traversing direction,
absolute position (if required, set the user agreement)
-- Document the new checksum value in SAFE_ACT_CHECKSUM[1] or
r9728[2] and the last entry in the change history in MD SAFE_CON-
FIG_CHANGE_DATE[0]
-- Document the hardware and software version data of the new component
Alternatively, Alarm 27035 / F01680 can be acknowledged using the softkey
”Acknowledge SI data” and the softkey ”Reset drive/NCK”.
The user can suppress the automated internal actual value check by resetting the
”user agreement” -- therefore requesting that the axis is re--calibrated with the
appropriate user agreement.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 9-595
Commissioning 10/15
9.6 Replacing a motor or encoder

Space for your notes

© Siemens AG 2015 All Rights Reserved

9-596 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Diagnostics 10
10.1 Troubleshooting procedure
S The alarms that have been activated in response to an error are output in the
”DIAGNOSIS -- ALARMS” display. When required, the safety alarms can be
suppressed in the diagnostics display using the ”Filter out SI alarms” softkey.
S For Alarm 27090 ”Error for crosswise data comparison NCK--PLC”, the cause of
the error (the incorrect SPL variable) is displayed in the alarm output.
S For Alarm 27254 ”PROFIsafe: F module, error on channel”, the input/output
channel with error for modules belonging to the ET 200 series, is displayed in
the alarm output.
S For Alarm 27001 ”Defect in a monitoring channel”, the fine error code is also
displayed in the alarm output.
S For Alarm C01711 ”SI Motion defect in a monitoring channel” the fine error code
is displayed in the alarm output. In the screen ”Commissioning -- machine data
-- drive MD”, using parameter r9725: ”SI Motion diagnostics STOP F”, the
cause of the alarm can be read out.
S The current crosswise data comparis”STOP F code value”.
S For Alarms F01611/F30611 ”Defect in a monitoring channel”, the fine error code
is displayed in the alarm output. The current error search of this alarm is addi-
tionally displayed in parameters r9795/r9895.

Note
Different error codes may be displayed for the NCK and drive monitoring channels.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-597
Diagnostics 10/15
10.1 Troubleshooting procedure

10.1.1 Service displays

SINUMERIK Operate
If safety functions are configured in the NCK as well as at the drive, softkeys
”Display NCK status” and ”Display drive status” are available.

Figure 10-1 New softkeys to select the display for SI status

In the menu header line you can see whether you are in the NCK or in the drive.

Figure 10-2 SI header status

© Siemens AG 2015 All Rights Reserved

10-598 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Display of the diagnostic signals of the NCK

Figure 10-3 Status display NCK

The ”Axis +”, ”Axis --” vertical softkeys or ”Direct selection” are used to select the
required axis. The actual axis is displayed in the top right half of the table header
line.
Various states for both channels are displayed separately in the diagnostics
screen.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-599
Diagnostics 10/15
10.1 Troubleshooting procedure

Display of the drive diagnostic signals

Figure 10-4 Status signals, drive

The following table shows the list of signals of the drive for the status SI screen.

Signal Motor Module Control Unit

STO active r9872.1 r9772.1
SS1 active r9872.2 r9772.2
STOP A active r9872.10 r9772.10
STOP F active r9872.15 r9772.15
STO cause, Safety commissioning mode r9872.16 r9772.16
STO cause, selection via terminal r9872.17 r9772.17
STO cause, actual value is missing r9872.19 r9772.19

Display of the checksum

The screen for checksum SI is divided into three areas:
S Safety options
S Safety checksum status
S Details, safety checksums

© Siemens AG 2015 All Rights Reserved

10-600 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-5 Display of the checksums

Figure 10-6 Global checksum

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-601
Diagnostics 10/15
10.1 Troubleshooting procedure

S ”Save” softkey
With this softkey, the values of the checksum for all drives and axes are saved
in an XML file, which is selected by the user.
S ”Details” softkey
This softkey is used to select detailed information concerning the selected
checksum.

SI configuration
You can go to the SI configuration menu by pressing the softkey ”SI configuration”.

Figure 10-7 SI configuration

An overview of the safety options that have been set is displayed in the upper
section of this diagnostics screen.
The Safety checksums for the NCK, the axis and the drive are shown in the lower
window section.

© Siemens AG 2015 All Rights Reserved

10-602 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

SGE/SGA
You can access the menu for the safety--related input and output signals using the
”SGE/SGA” softkey.

Figure 10-8 Status display of SGE/SGA

The available signals are shown in the diagram above.

Fig. 10-9 shows the detailed status display of the safety--related input/output
signals.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-603
Diagnostics 10/15
10.1 Troubleshooting procedure

”Axis”: NCK monitoring channel

”Drive”: Drive monitoring channel

SG selection

SBH/SG deselection
Test stop selection

SBH deselection
SE selection
Gear ratio
Selection

Bit 2

Bit 1
Bit 0
Bit 1

Bit 0
Bits 15 Safe input signals, axis 1 0 00 0 00 0 0 0 0 0 0 0 0 1 1

..0 Safe input signals 1 drive 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1

Close brake

Deselection
Ext. stops
SG corr.

Stop C
Stop D
Stop E

Stop A
Bit 0
Bit 2
Bit 3

Bit 1
Safe input signals 2 axis 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Bits 31 Safe input signals 2 drive 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
..16

Axis safely referenced

SBH/SG active
Enable pulses
*

SN2+
SN4+

SN1+
SN1--
SN4--

SN3--

SN2--
Safe output signals 1 axis SN3+1 0 1 1 1 1 1 1 1 0 0 0 0 1 0 0
Bits 15
..0 Safe output signals 1 drive 1 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0
* only if the safe cam function is active Status pulses
are cancelled

SBH active
Active stop
SG active
Stop A/B
Stop D
Stop C
Stop E

x
n<n

Bit 0
Bit 1

Bits 31 ...16 Safe output signals 2 axis 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0

Safe output signals of the drive 0 0 0 0 0 0 0 0 0 0 10 0 0 0 X

Safe cam function active

SN2+
SN4--

SN3--
SN4+

SN3+

SN1+
SN2--

SN1--

Bits 31 ..0
SGA 2 axis 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 1 1 1 1
SGA 2 drive 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 1 1 1 1

Active cam range for

Safe cam track function active Axis is located on the cam of the
Bits 31 ..0
Cam track 4

Cam track 3

Cam track 1
Cam track 2
Cam track 3
Cam track 2
Cam track 4

Cam track 1

SGA 2 axis 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 1 0 1 1 0 0 1 0 0 0 0 1 1
SGA 2 drive 0 0 00 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 1 0 1 1 0 0 1 0 0 0 0 1 1

Figure 10-9 Significance of the status display of the safety--related input and output signals

© Siemens AG 2015 All Rights Reserved

10-604 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Cam SGA
You can reach the corresponding menu for safe cam (Fig. 10-10) or safe cam track
(Fig. 10-11) using the ”Cam SGA” softkey.

Figure 10-10 Safe cams

Figure 10-11 Safe cam track

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-605
Diagnostics 10/15
10.1 Troubleshooting procedure

SPL
The softkey ”SPL” is used to access the window for the status display of the SPL.

Figure 10-12 Status display SPL

In the ”Variable” selection box, you can select:

$A_INSE(P) corresponds to simultaneous selection of
$A_INSE upper line, origin of the NCK and
$A_INSEP lower line, origin of the PLC
and effectively the same for the other variables:
$A_OUTSE(P)
$A_INSI(P)
$A_OUTSI(P)
$A_MARKERSI(P)
$A_PLCSIIN
$A_PLCSIOUT
The variables that have been selected and the associated bit areas are saved and
are taken into account when subsequently selecting the screen.
Using the select key, the following formats can be selected in the variable rows
B Binary
H Hexadecimal
D Decimal, can be selected.
The selected format is applicable for the particular variable, as each variable can
be assigned an individual display format.
Further, various SPL states are displayed.

© Siemens AG 2015 All Rights Reserved

10-606 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Displaying the qualities of SPL input/output variables

Just displaying values ”0” and ”1” in the diagnostics screen is not sufficient to
identify the cause of faults that have occurred. For a more precise evaluation,
the quality (quality) of these two values is of interest.

Quality

Figure 10-13 Displaying the quality

The following colors are used to display the quality:

= ”Process value”: the actual value of the system variables (0 or 1) represents a

process value.
Light ”Substitute value”: the actual value of the system variables (0 or 1) represents a
blue (static or dynamic) substitute value; i.e. is currently not supplied with a process
value from one of the known sources.
Gray ”Not parameterized”: the system variable (value 0 or 1) is, as a result of the MD
parameterization, not assigned to the known sources/sinks.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-607
Diagnostics 10/15
10.1 Troubleshooting procedure

SI communication
You can access the menu for SI communication using the ”SI communication”
softkey.

Figure 10-14 Status display SI communication

The send and receive connections can be selected using the vertical softkeys.

© Siemens AG 2015 All Rights Reserved

10-608 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-15 SI communication (send)

The SI communication (send) menu contains a list of the configuration in tabular

form and the status of the send connection (F_SENDDP). Additional details, e.g.
the comparison of the $A_OUTSE variables and F_SENDDP are displayed using
the softkey ”Display SPL couplings”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-609
Diagnostics 10/15
10.1 Troubleshooting procedure

Figure 10-16 SPL coupling (sending)

Data for F_RECVDP are displayed using the ”Receive connection” softkey and
”Display SPL couplings”.

Figure 10-17 SI communication (receiving)

© Siemens AG 2015 All Rights Reserved

10-610 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-18 SPL coupling (receiving)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-611
Diagnostics 10/15
10.1 Troubleshooting procedure

SI I/O
If, in the status display (Fig. 10-3 ”Status display SI”), the ”SI I/O” softkey is pressed, then
you obtain a general overview of the parameterized PROFIsafe communication:

Figure 10-19 SI I/O

By pressing the ”F--modules” softkey, all of the parameterized F modules are

displayed together with the master address, PROFIsafe address, module type with
the actual status.

© Siemens AG 2015 All Rights Reserved

10-612 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-20 SI I/O F modules

Using the ”Display SPL connection” softkey, the parameterized assignment of the
F module to the SPL is displayed with the actual data. You can toggle between the
modules using the ”Module +” and ”Module --” softkeys.

Figure 10-21 SPL coupling of the SI I/O

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-613
Diagnostics 10/15
10.1 Troubleshooting procedure

Figure 10-22 Details of the F modules

10.1.2 Safety Integrated global checksums

The number of checksums to be checked at a machine is reduced through the

introduction of master checksums.
All of the checksums of an axis -- or also all axes -- are added in these master
checksums. This means that users only have to compare one checksum in order
to check whether something has changed since the last time it was determined. As
a consequence, the master checksum is not saved, but when required, is recalcu-
lated each time.
The global checksums for Safety Integrated are shown in the Diagnostics operat-
ing area as dedicated dialog in the existing checksums screen. The global check-
sums are determined and the dialog is displayed by pressing the ”Checksum SI”
vertical softkey. The previous SI checksum dialog is kept, and can be accessed
from the ”Global checksum” dialog by pressing vertical softkey ”Axis/drive check-
sum”. (For a comparison, see Fig.10-1”Status SI”).
The navigation branches as follows:

© Siemens AG 2015 All Rights Reserved

10-614 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-23 Softkey bars for safety diagnostics, global checksums, SI checksum

The following dialog is displayed with softkey ”Checksum SI”

Figure 10-24 SI global checksums

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-615
Diagnostics 10/15
10.1 Troubleshooting procedure

Figure 10-25 Checksum SI

A table is displayed in which the global checksums are listed with the calculation
date.
When the dialog is first displayed, the cursor is positioned at the first line with a
checksum. The cursor is only positioned to lines that contain a checksum.
The global checksums are calculated as follows:

Table 10-1 Global checksums

Master checksum Calculated by adding the listed data

Global safety engineering NC master checksum SAFE.SPF checksum
checksum $MN_SAFE_GLOB_ACT_CHECKSUM[0]
(sum of all master check- $MN_SAFE_GLOB_ACT_CHECKSUM[1]
sums) $MN_SAFE_GLOB_ACT_CHECKSUM[2]
$MN_SAFE_GLOB_ACT_CHECKSUM[3]
Axis master checksum $MA_SAFE_ACT_CHECKSUM[0]
$MA_SAFE_ACT_CHECKSUM[2]
(Sum across all axes with
$MA_SAFE_FUNCTION_ENABLE.0==1)

Drive master checksum r9728[0]

r9728[1]
(Sum across all drives, that are assigned to an axis
with $MA_SAFE_FUNCTION_ENABLE.0==1)

© Siemens AG 2015 All Rights Reserved

10-616 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Table 10-1 Global checksums, continued

Master checksum Calculated by adding the listed data

Drive--based master check- r9798
sum r9898
(Sum across all drives, that are assigned to an axis
with $MA_SAFE_FUNCTION_ENABLE.0==1)

Safety--relevant hardware Safety--relevant hardware $MA_SAFE_ACT_CHECKSUM[1]

checksum checksum (Sum across all axes with
$MA_SAFE_FUNCTION_ENABLE 0==1)
r9728[2]
(Sum across all drives, that are assigned to an axis
with $MA_SAFE_FUNCTION_ENABLE.0==1)

Data are determined and the checksums are calculated when the dialog is
displayed.
The calculation of the checksums depends on the expansion stage of the control
system and can take longer than 10 seconds. During the calculation, a progress
bar is displayed, which indicates which global checksums are presently being cal-
culated and which MD or parameters are presently being read from which axis or
which drive object.
The progress dialog can be exited using the ”Cancel” softkey which then also
means that the calculation of the checksums is canceled. The global checksums
dialog remains empty and the following text appears in the dialog window:
”No data can be displayed, as the calculation of the global checksums has been
aborted”. A new calculation of the global checksums is realized with the ”Display
new” softkey.
The ”Display new” softkey is only displayed if the calculation of the global check-
sums was canceled. In this case, the ”Details” softkey is also inactive.
The checksums are calculated across all SI for which the following applies:
MD36901 $MA_SAFE_FUNCTION_ENABLE, bit 0 == 1. If there is no axis for
system--integrated operation, the ”Safety integrated system integrated” part in the
table is omitted10-1.
If, when calculating the checksums, there is a number overflow, then the overflow
is rejected. For all checksums, at the end of the calculation, the date is entered in
the particular global checksum.
Master checksums are displayed using the ”Details” softkey.
The Details dialog is updated with the cursor keys up and down. The cursor can
only be positioned to lines that contain a checksum.
The safety--relevant hardware checksum has only one master checksum. In the
Details menu, only one line is displayed with this checksum.
Using the ”Back” softkey, you can change to the vertical softkey bar of the Safety
diagnostics.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-617
Diagnostics 10/15
10.1 Troubleshooting procedure

10.1.3 Integrating safety SPL user alarms

Preconditions
In order to integrate the alarm text extension for SINUMERIK Operate, the ”HMI
Solutionline Alarm Text Converter” is used. Using this converter, it is possible to
convert alarm text extensions, which were already generated on an HMI Advanced
or a self--generated alarm text extension (in *.com format) into the *.ts format
required for SINUMERIK Operate, and to integrate this using WINSCP.
The alarm text converter is included in the scope of delivery of the software
(setup_alarmtextconverter.exe).

Converting SINUMERIK Operate Safety user alarms from PCU50

Start the alarm text converter and allocate a filename under ”Output File Prefix”
(e.g. user_alsi).

Figure 10-26 Allocating a file name

The source directory is specified in ”Source Path”.

© Siemens AG 2015 All Rights Reserved

10-618 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-27 Selecting the source directory

As the SPL user text files are index text files (pro rata alarm text), for correct
conversion in the specified ”Source Path”, a subdirectory with the name */ALSI
must be created. The alarm text extension file *.com to be converted must be
saved in this subdirectory.

Figure 10-28 Creating a subdirectory

In ”Target Path”, the target directory is specified in which the converted safety user
alarm text files for SINUMERIK Operate should be stored.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-619
Diagnostics 10/15
10.1 Troubleshooting procedure

Figure 10-29 Determining the target directory

A ”cfg” and an ”Ing” folder are created in the ”Target Path” with ”Convert”.
The following files are generated in ”cfg”:

Figure 10-30 Generating files in ”cfg”

Depending on the language, the SI user alarm files are generated in ”Ing”:

© Siemens AG 2015 All Rights Reserved

10-620 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-31 Generating files in ”cfg”

The files / directories are now copied with WinSCP to

card/user/sinumerik/hmi/cfg or card/user/sinumerik/hmi/lng or
card/oem/sinumerik/hmi/cfg or card/oem/sinumerik/hmi/lng.
These files must now be copied to the card using WINSCP:

Figure 10-32 Copying the files into the user directory using WinSCP

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-621
Diagnostics 10/15
10.1 Troubleshooting procedure

Figure 10-33 Copying the files into the oem directory using WinSCP

If files with the same name already exist on the CF card, then the contents of the
generated files should be supplemented in the already existing ones. Additional
information on this is provided in the readme.txt in the installation path of the alarm
text converter.

Figure 10-34 Extending the slaesvcadapconf.xm

© Siemens AG 2015 All Rights Reserved

10-622 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-35 Extending the slaesvcconf.xml

Generating, converting, and integrating SINUMERIK Operate safety user alarms

COM files
Generating language--dependent COM files and converting into *.ts files
If there are no HMI Advanced files available, *.com files can be generated and
converted into files in the SINUMERIK Operate format using the ”HMI solutionline
Alarmtext Converter”.
Example of a syntax of a language--dependent *.com. File (e.g. alsi_gr.com /
alsi_uk.com).
// Text extension for Alarms 27090 / 27254
;%4 = 000 Error SPL protection (DB18.DBX36.0 / MD11500)
;%4 = 001...064: Error in system variables $A_INSE[01...64]
;%4 = 065...128: Error in system variables $A_OUTSE[01...64]
;%4 = 129...192: Error in system variables $A_INSI[01...64]
;%4 = 193...256: Error in system variables $A_OUTSI[01...64]
;%4 = 257...320: Error in system variables $A_MARKERSI[01...64]
; SPL protection
000000 0 0 ”User text for safety SPL commissioning status (DB18.DBX36.0) /
MD11500”
;
000000 0 0 ”User text for INSE(P)01”
000000 0 0 ”User text for INSE(P)02”
...
000000 0 0 ”User text for INSE(P)63”

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-623
Diagnostics 10/15
10.1 Troubleshooting procedure

000064 0 0 ”User text for INSE(P)64”

000065 0 0 ”User text for OUTSE(P)01”
000066 0 0 ”User text for OUTSE(P)02”
...
000127 0 0 ”User text for OUTSE(P)63”
000128 0 0 ”User text for OUTSE(P)64”
000129 0 0 ”User text for INSI(P)01”
000130 0 0 ”User text for INSI(P)02”
...
000191 0 0 ”User text for INSI(P)63”
000192 0 0 ”User text for INSI(P)64”
000193 0 0 ”User text for OUTSI(P)01”
000194 0 0 ”User text for OUTSI(P)02”
...
000255 0 0 ”User text for OUTSI(P)63”
000256 0 0 ”User text for OUTSI(P)64”
000257 0 0 ”User text for MARKERSI(P)01”
000258 0 0 ”User text for MARKERSI(P)02”
...
000319 0 0 ”User text for MARKERSI(P)63”
000320 0 0 ”User text for MARKERSI(P)64”
If the *.COM files have been generated, then the SINUMERIK Operate files can be
converted as described above.

10.1.4 Trace bit graphics for Safety Integrated

General
The trace function is one of the measuring functions in the Diagnostics operating
area. Using the trace, for drive signals and NCK signals, measurements can be
started by entering a measuring time and trigger conditions. The results of the
measurements are then graphically displayed.
The following variables are of interest:
S Trace for NC/PLC variables
Recording and graphical representation of the SERVO signal values with
respect to time, such as actual position value, following error, etc.
S Trace for drive variables
Recording and graphical representation of the signal values with respect to time
from the drive system, such as e.g. speed actual value, current actual value
etc.
It must be possible for the signals to be recorded to be interconnected via a
BICO source.

© Siemens AG 2015 All Rights Reserved

10-624 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Starting the trace

The trace is called in the operating area ”Diagnostics” Menu advance key
”Trace”.

Figure 10-36 Starting the servo trace

The variables can be selected using the ”Insert variable” softkey. When inserting a
variable, the associated axis for the measurement is selected, [1] means axis X1.
The variable is transferred into the list and the list completed with ”OK”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-625
Diagnostics 10/15
10.1 Troubleshooting procedure

Figure 10-37 Selecting variables for trace

To start the trace, the system changes into the graphic display and the trace is
started using softkeys ”Display trace” and ”Start trace”.
There is also an option to display all variables and then to search for the required
variables using the filter function, in Fig. 10-38 e.g. the internal NCK--SPL inputs
using search word ”insi”.
You can also specifically search for system variables (see Fig. 10-39 ”Selecting
system variables”), e.g. searching for $VA_STOPSI.

© Siemens AG 2015 All Rights Reserved

10-626 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-38 Selecting variables

Figure 10-39 Selecting system variables

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-627
Diagnostics 10/15
10.1 Troubleshooting procedure

The variables that you wish to trace can also be assigned a particular color.

Figure 10-40 Selecting the colors for recording in trace

Example of a trace when SBH is exceeded

With softkey ”New trace (Drive/NC) initially, the session type is called, in this case
NC and PLC variables.

© Siemens AG 2015 All Rights Reserved

10-628 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-41 General call for a new session

The trace is to be performed for safe operating stop, i.e. the trace file name
SBH_Test is entered:

Figure 10-42 Trace SBH_Test

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-629
Diagnostics 10/15
10.1 Troubleshooting procedure

The variables are determined using the ”Insert variable” softkey. The following
variables are selected for SBH_Test:

Figure 10-43 Overview of the variables for SBH--test

To start the trace, the graphic display is selected using softkeys ”Display trace” and
”Start trace”. The trace is started.
Figs. 10-44 and 10-45 show the measurement curves of the variables as example.

© Siemens AG 2015 All Rights Reserved

10-630 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.1 Troubleshooting procedure

Figure 10-44 Trace SBH exceeded

Figure 10-45 Trace SBH exceeded with legend

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-631
Diagnostics 10/15
10.1 Troubleshooting procedure

The value range for the trace can be changed using the ”Settings” softkey.
The ”Options” softkey can be used to change the trace display.
The measurement trace can be saved using the ”Save trace” softkey.

© Siemens AG 2015 All Rights Reserved

10-632 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

10.2 NCK safety alarms for Sinumerik 840D sl

Alarms for SINUMERIK 840D sl/SINAMICS S120

Detailed explanations of all alarms that are not described here can be found in the
following references for the SINUMERIK 840D system with SINAMICS S120:
Reference: /DA/ Diagnostics Manual SINUMERIK 840D
/LH1/ SINAMICS S List Manual

Alarms for SINUMERIK Safety Integrated

The alarms that can occur in connection with the SI option are listed below:

14710 Channel %1 Block %2 Error in initialization sequence in function

%3
Parameter %1 = channel number
%2 = block number
%3 = identifier
Explanation After the control has booted, (program)RESET and (program)START,
depending on machine data MD 20110 $MC_RESET_MODE_MASK
and MD 20112 $MC_START_MODE_MASK initialization blocks are
generated (or not generated as the case may be).
In this case, errors can occur due to incorrect machine data settings.
The errors are output with the same error messages, which are also
issued if the function was incorrectly programmed in the part program.
In order to clearly indicate that an error refers to the initialization
sequence, in addition, this alarm is generated.
Parameter %3 specifies which function initiated the alarm:
Control boot and (program) RESET:
Value:
0: Error when synchronizing, preprocessing/main run
1: Error when selecting the tool length compensation
2: Error when selecting the transformation
3: Error when selecting the work offset
When booting, the macro definitions and cycle interfaces are also
read--in. If an error occurs here, then this is signaled with value=4 or
value=5.
6: Error when creating 2 1/2--D protection zones when booting
(program) START
Value:
100: Error when synchronizing, preprocessing/main run
101: Error when selecting the tool length compensation
102: Error when selecting the transformation
103: Error when selecting the synchronous spindle
104: Error when selecting the work offset

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-633
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

It is especially important to note that when the tool manager is active, it

is possible that a locked tool is in the spindle or in the tool holder that in
spite of this should be activated.
For RESET, these tools are activated without having to do anything
else. For START, in addition using MD22562
$MC_TOOL_CHANGE_ERROR_MODE it can be set as to whether an
alarm should be generated or an automatic bypass strategy should be
selected.
If the parameter contains 3 values from 200 to 203, then this means
that for certain commands (ASUB start, select overstore, teach in)
there are not enough NC blocks for NC block preparation.
Remedy: Increase MD28070 $MC_MM_NUM_BLOCKS_IN_PREP.
Response Alarm display
Mode group not ready
NC start disable in this channel
Interface signals are set
Remedy Please inform the authorized personnel/service department
For parameter %3=0--3:
If the alarm(s) occur(s) at RESET:
Check the setting of machine data MD20110 $MC_RE-
SET_MODE_MASK, MD20120 $MC_TOOL_RESET_VALUE,
MD20121 $MC_TOOL_PRESEL_RESET_VALUE, MD20122
$MC_TOOL_RESET_NAME (only when tool management is active),
MD20130 $MC_CUTTING_EDGE_RESET_VALUE, MD20132
$MC_SUMCOR_RESET_VALUE, MD20126 $MC_TOOL_CAR-
RIER_RESET_VALUE, MD20150 $MC_GCODE_RESET_VALUES,
MD20154 $MC_EXTERN_GCODE_RESET_VALUES, MD20140
$MC_TRAFO_RESET_VALUE, MD21330 $MC_COUPLE_RE-
SET_MODE_1, MD24002 $MC_CHBFRAME_RESET_MASK.
For parameters %3= 100 --104:
Check the setting of MD20112 $MC_START_MODE_MASK and
”..._RESET_...” specified under RESET machine data. When the tool
manager is active, possibly unload the tool -- specified in the associated
alarm -- from toolholder/spindle -- or reset the ”locked” state.
For parameters %3= 4 or 5:
Check the macrodefinitions in _N_DEF_DIR.
Check cycle directories _N_CST_DIR and _N_CUS_DIR.
For parameter %3= 6:
In addition, Alarm 18002 or 18003 is output. This alarm contains the
number of the incorrectly defined protection zone and an identifier
defining what is incorrect in the protection zone definition. The system
variables must then be appropriately corrected.
For parameter %3= 200 to 203:
Increase MD28070 $MC_MM_NUM_BLOCKS_IN_PREP.
Program
r Clear the alarm with the RESET key. Restart the part program.
continuation

© Siemens AG 2015 All Rights Reserved

10-634 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

14751 Channel %1 Block %2 Insufficient resources for motion--synchro-

nous actions (identifier: %3)
Parameter %1 = channel number
%2 = block number
%3 = identifier
Explanation To process motion synchronizing actions resources are required. They
are configured via the machine data $MC_MM_IPO_BUFFER_SIZE,
$MC_MM_NUM_BLOCKS_IN_PREP,
$MC_MM_NUM_SAFE_SYNC_ELEMENTS,
$MC_MM_NUM_SYNC_ELEMENTS. If these resources are insuffi-
cient for executing the part program, then this alarm is issued. The
parameter %3 shows which resource has run out:
Identifier <= 2: Increase $MC_MM_IPO_BUFFER_SIZE or
$MC_MM_NUM_BLOCKS_IN_PREP.
Identifier >= 2: Increase $MC_MM_NUM_SYNC_ELEMENTS,
$MC_MM_NUM_SAFE_SYNC_ELEMENTS.
Response Alarm display
Interface signals are set
Remedy Correct the part program or increase the resources.
Program
r Clear the alarm with the RESET key. Restart the part program.
continuation

15189 Channel %1 Block %2 Error executing SAFE.SPF

Parameter %1 = channel number
%2 = block number, label
Explanation Alarm 15189 is used to signal that an error has occurred when proces-
sing the NC initialization program for Safety Integrated
/_N_CST_DIR/_N_SAFE_SPF. Alarm 15189 is output together with the
alarm that describes the cause of the error. The function is activated
with MD20108 $MC_PROG_EVENT_MASK, bit5=1
MD 10095 $MN_SAFE_MODE_MASK, bit 2 is available to test or com-
mission a SAFE.SPF.
Response NCK stop
Remedy Carry out an NCK reset (warm restart)
Program
r Switch control system OFF and ON again.
continuation

15420 Channel %1 Block %2 Instruction in current mode not allowed

Parameter %1 = channel number
%2 = block number, label

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-635
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Explanation The alarm is output in the following situations:

-- When executing an INI file or definition file (macro or GUD), the
interpreter has identified an illegal instruction (e.g. traversing
command).
-- In a GUD file, access protection to a machine data with REDEF is to
be changed, although an ACCESS file (_N_SACCESS_DEF,
_N_MACCESS_DEF, _NUACCESS_DEF) is available. Access
rights for machine data may then only be changed using one of the
ACCESS files with REDEF.
-- When executing the safety initialization program
/_N_CST_DIR/_N_SAFE_SPF, due to the reduced language scope
that was configured for the purpose, an illegal statement was identi-
fied.
Response Interpreter stop
NC start inhibit in this channel.
Interface signals are set
Alarm display
Remedy Correct INI, GUD, or macro file
Correct part program
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

16964 Channel %1 Executing of init blocks not fully completed

Parameter %1 Channel number
Explanation When booting, init blocks are executed. These ensure that the control
is correctly initialized. The alarm is output if the execution was not able
to be correctly ended (generally due to an already existing alarm).
Response Alarm display
Remedy Remove the existing alarm.
rProgram Switch control system OFF and ON again.
continuation

16965 Channel %1 SAFE.SPF ramp--up not completed

Parameter %1 Channel number
Explanation The alarm is initiated if the safety program /N_CST_DIR/N_SAFE_SPF
should be executed when booting and was not completed after four
times the time, which is defined in MD $MN_SPL_START_TIMEOUT.
One reason could be an extremely long execution time of SAFE.SPF.
The channel number specifies which channel is the cause of the error.
Response Alarm display
NC not ready
NC start disable in this channel
Mode group not ready
Interface signals are set
NC stop for alarm

© Siemens AG 2015 All Rights Reserved

10-636 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy Increase MD $MN_SAFE_SPL_START_TIMEOUT

Program
r Clear the alarm with the RESET key. Restart the part program.
continuation

20095 Axis %1 illegal torque, current torque %2

Parameter %1 = axis name, spindle number
%2 = measured holding torque when selecting the brake test
Explanation The actually measured holding torque cannot be provided with the
existing parameterization of the brake test.
Response Alarm display
The function test of the mechanical brake system is aborted
The PLC block FB11 for the sequence control to test the mechanical
brake system is exited with a fault (fault detection = 2). This means that
the request -- ”start brake test” -- isn’t even effective for the axis.
Remedy Check the actual parameterization of the function test of the mechani-
cal braking system:
-- The torque due to weight in drive parameter p1532 should be as far
as possible equal to the currently measured holding torque. The
measured holding torque is displayed in this alarm.
-- The holding torque for the brake test in MD $MA_SAFE_BRAKE-
TEST_TORQUE must be parameterized higher than the currently
set holding torque.
r
Program Clear the alarm with the Clear key or with NC--START.
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-637
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

20096 Axis %1 brake test aborted, additional info %2

Parameter %1 = axis name, spindle number
%2 = fault information, based on $VA_FXS_INFO
Explanation The brake test has detected a problem. The additional information pro-
vides details of the cause of the alarm. An explanation is provided in
the documentation about the system variables $VA_FXS_INFO
Supplementary info:
0: No additional information available
1: Axis type is neither a PLC nor a command axis
2: Limit position reached, motion stopped
3: Interrupted by an axis RESET (DB31--61, DBB28 bit1)
4: Monitoring window exited
5: Torque reduction rejected by drive
6: PLC has withdrawn the enable signal
Response Alarm display
Interface signals are set.
Remedy Note the supplementary conditions of the brake test, refer to supple-
mentary information.
r
Program Clear the alarm with the Clear key or with NC--START.
continuation

20097 Axis %1 incorrect direction brake test

Parameter %1 = axis name, spindle number
Explanation As a result of the selected traversing direction, the brake test is carried
out for the existing load torque with an incorrect torque.
Response Alarm display
Remedy -- carry out a brake test in the other traversing direction
-- Adapt drive parameter p1532 more precisely to the actual situation.
This alarm only occurs if the actual torque deviates by more than
7.5% of SINAMICS parameter p1532
-- Using MD $MA_SAFE_BRAKETEST_CONTROL, bit 0 = 1, activate
the automatic load torque determination at the beginning of the
brake test.
r
Program Clear the alarm with the Clear key or with NC--START.
continuation

20149 Channel %1 Block %2 motion--synchronous action: Index invalid

Parameter %1 = channel number
%2 = block number
Explanation An invalid index was used when accessing a variable in the motion--
synchronous action.
Example: ...DO $R[$AC_MARKER[1]] = 100
The error occurs if marker 1 has a higher value than the maximum
permissible R--parameter number.

© Siemens AG 2015 All Rights Reserved

10-638 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Response NC start disable in this channel

Interface signals are set
Alarm display
NC stop for alarm
Remedy Use a valid index.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

22001 Channel %1 Block %2 Axis %3: Braking ramp longer than STOP D
time. Reason: %4
Parameter %1 Channel number
%2 Block number
%3 Axis name
%4 Identification of cause
Explanation The actual axis dynamic performance is not sufficient to come to a
standstill in time when a STOP D is initiated. The reasons specified in
parameter 4 are:
1: $MA_MAX_AX_ACCEL too low
2. $MA_MAX_AX_JERK too low
3. Excessively high acceleration reduction programmed with ACC
4. Excessively high jerk reduction programmed with JERKLIM
Response Alarm display
Remedy Increase SAFE_STOP_SWITCH_TIME_D. Increase
$MA_MAX_AX_ACCEL and $MA_MAX_AX_JERK. Increase program-
med acceleration (ACC) or jerk (JERKIM)
Alarm can be suppressed using MD11415 $MN_SUP-
PRESS_ALARM_MASK_2 Bit 13
rProgram Clear the alarm with the Clear key or with NC START
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-639
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

22002 Channel %1 spindle %2: Braking ramp longer than STOP D time.
Gearbox stage %3. Reason: %4
Parameter %1 Channel number
%2 Spindle
%3 Gear stage
%4 Identification of cause
Explanation The configured dynamic values of the spindle are not sufficient to come
to a standstill in time when a STOP D is initiated. Parameter 3 contains
the gear stage, whose braking time -- from the configured dynamic va-
lues -- exceeds the STOP D time the most. Parameter 4 includes an ID
for the MD involved:
10: Dynamic response for closed--loop speed control: MD35130
$MA_GEAR_STEP_MAX_VELO_LIMIT, MD35200
$MA_GEAR_STEP_SPEEDCTRL_ACCEL
11: Dynamic response for closed--loop position control: MD35135
$MA_GEAR_STEP_PC_MAX_VELO_LIMIT, MD35210
GEAR_STEP_POSCTRL_ACCEL
21: Dynamic response for tapping using G331, G332: MD35135
$MA_GEAR_STEP_PC_MAX_VELO_LIMIT, MD35212
GEAR_STEP_POSCTRL_ACCEL2
Response Alarm display
Remedy Increase MD36953 $MA_SAFE_STOP_SWITCH_TIME_D or reduce
the braking time by changing the configured dynamic response of the
spindle. The Alarm can be suppressed using MD11415 $MN_SUP-
PRESS_ALARM_MASK_2 Bit 13

Program
r Clear the alarm with the Clear key or with NC START
continuation

© Siemens AG 2015 All Rights Reserved

10-640 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27000 Axis %1 is not safely referenced

Parameter %1 axis name, spindle number
Explanation There are two reasons for this alarm:
-- the user has still not acknowledged the machine position,
-- the machine position has not yet been verified through follow--up
referencing.
Even if the axis is already referenced there is no acknowledgment that
referencing has supplied the correct result. For example, incorrect
results can occur if the axis was moved after the control was powered--
down -- with the result that the stop position saved prior to powering--
down is no longer correct. To ensure that this does not happen, the
user must acknowledge the displayed actual position after the first
referencing operation.
After the user agreement has been set for the first time, the axis must
be subsequently referenced each time that the control is booted (with
absolute encoders, this subsequent referencing is automatically exe-
cuted). This procedure is carried out to verify the stop position saved
prior to powering--down the control.
The alarm display can be set using MD10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL (MD>=3) so that the group
alarm 27100 is displayed for all SI axes.
Response Alarm display
The SGA ”axis safely referenced” is not set. SE is disabled if the safety
actual position has not yet been acknowledged by the user agreement.
If the user agreement is set, SE remains active. The safe cams are
calculated and output, but their significance is limited because referenc-
ing has not been acknowledged.
Remedy Move the axis to a known position, change to the ”referencing” mode
and press the softkey ”Agreement”. Check the positions in the agree-
ment screen at the machine. If these correspond to those expected at
the known position, confirm this using the toggle key. If the user agree-
ment has already been set, re--reference the axis.
The user agreement can only be changed in key--actuated switch
setting 3 or after entering a password.
Warning:
If the axis has not been safely referenced and the user has not issued
a user agreement, then the following applies:
-- the safe cams are still not safe.
-- the safe limit positions are still not active
r
Program The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-641
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27001 Axis %1 defect in a monitoring channel, code %2, values:

NCK %3, drive %4
Parameter %1 = axis name, spindle number
%2 = supplementary information, crosswise data comparison index
%3 = supplementary information, comparison value, NCK
%4 = supplementary information, comparison value, drive
Explanation The status of the safety--related monitoring functions are cyclically and
mutually compared between the two monitoring channels (NCK and
drive). The comparison is carried out separately for each NCK/drive
combination.
A criterion in a comparison list is compared between the NCK and drive
in each monitoring clock cycle (MD10091$MN_INFO_SAFETY_CY-
CLE_TIME); the next criterion is compared in the next monitoring clock
cycle etc. Once the complete comparison list has been processed, the
comparisons are processed again from the start. The resulting total
comparison time to process the list is displayed in MD10092
$MN_INFO_CROSSCHECK_CYCLE_TIME (factor x MD10091
$MN_INFO_SAFETY_CYCLE_TIME -- the factor can differ depending
on the particular software version).
The ”Error in a monitoring channel” Alarm is only output if the mutual
comparison of the two monitoring channels detects a difference
between the input data or results of the monitoring. One of the monitor-
ing functions is no longer operating reliably.
The crosswise comparison index, output under %2, is also known as
STOP F code. The STOP F code is also output in Alarm 27001 where
the NCK detected a crosswise comparison error for the first time. The
STOP F code of the drive (belonging to Alarm C01711) can be taken
from the diagnostics screen or the drive parameter r9795. If a differ-
ence is detected at several comparison steps, then also several STOP
F code values can be displayed, alternating, at these positions.
There are error profiles that are identified as a result of several compar-
ison operations of the comparison list. This means that the displayed
STOP F code value doesn’t always provide a clear statement regarding
the cause of the error. The associated procedure is then explained for
each of the individual error codes.
0
No error has been detected in this monitoring channel.
Alarm 27001 means that it was one of the subsequent alarms (follow--
on alarms) of alarm C01711 -- and the valid STOP F code value is to be
determined using the diagnostics display or the drive parameter r9795.
1
For the monitoring functions SBH, SG, SBR or SE, a different state has
occurred between the NCK and drive. The actual status image (result
list 1) is output from the NCK as supplementary input %3 (comparison
value, NCK) and the actual status image from the drive is output as
supplementary info %4 (comparison value, drive). The two supplemen-
tary infos are also saved in drive parameters r9710[0] (NCK) and
r9710[1] (drive).

© Siemens AG 2015 All Rights Reserved

10-642 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

An example for evaluating the bit--coded result list is provided in the

description of the drive machine data.
Remedy
The difference in the states between the drive and NCK should be
determined and the function involved should be investigated in more
detail.
Example
State, NCK: SBH is active and ok
State, drive: SG1 is active and ok
The fault is caused due to the fact that the SGE ”SBH deselection” is
controlled differently. The signal source should be checked on both the
NCK and drive sides. Generally, the different control (in operation) is a
result of a hardware failure associated with the sensor signal involved.
In the commissioning phase, the cause can also be parameterization or
programming errors.
2
For the monitoring function SN or n < nx, a different state has occurred
between the NCK and drive.
The actual status image of the NCK (result list 2) is output as supple-
mentary info %3 (comparison value NCK) and the actual status image
from the drive is output as supplementary info %4 (comparison value,
drive). The two result lists are also written into as parameter r9711[0]
(NCK) and r9711[1] (drive). An example for evaluating the bit--coded
result list is provided in the description of the drive parameter.
Remedy
The difference in the states between the drive and NCK should be
determined and the function involved should be investigated in more
detail.
3
The difference between the safe actual value NCK and drive is greater
than that set in MD36942 $MA_SAFE_POS_TOL.
When using the actual value synchronization, the difference of the
speed (determined based on the safety actual values) is greater than
that set in MD36949 $MA_SAFE_SLIP_VELO_TOL.
Remedy
Commissioning phase:
The encoder evaluation for the NCK and drive is not correctly set -->
correct the encoder evaluation.
In operation:
The actual values differ due to mechanical faults (transmission belts,
traversing to mechanical limit, wear and tolerance windows that have
been set too narrow, encoder faults...)
--> check the mechanical configuration and the encoder signals
4
Not assigned.
5
The setting in MD36901 $MA_SAFE_FUNCTION_ENABLE does not
correspond with the associated drive parameter assignment.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-643
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy
Copy SI data
6
The setting in MD36931 $MA_SAFE_VELO_LIMIT[0] does not cor-
respond with the associated drive parameter assignment.
Remedy
Copy SI data
7
The setting in MD36931 $MA_SAFE_VELO_LIMIT[1] does not cor-
respond with the associated drive parameter assignment.
Remedy
Copy SI data.
8
The setting in MD36931 $MA_SAFE_VELO_LIMIT[2] does not cor-
respond with the associated drive parameter assignment.
Remedy
Copy SI data.
9
The setting in MD36931 $MA_SAFE_VELO_LIMIT[3] does not cor-
respond with the associated drive parameter assignment.
Remedy
Copy SI data.
10
The setting in MD36930 $MA_SAFE_STANDSTILL_TOL does not cor-
respond with the associated drive parameter assignment.
Remedy
Copy SI data.
11
The setting in MD36934 $MA_SAFE_POS_LIMIT_PLUS[0] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
12
The setting in MD36935 $MA_SAFE_POS_LIMIT_MINUS[0] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
13
The setting in MD36934 $MA_SAFE_POS_LIMIT_PLUS[1] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
14
The setting in MD36935 $MA_SAFE_POS_LIMIT_MINUS[1] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.

© Siemens AG 2015 All Rights Reserved

10-644 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

15
The setting in MD36936 $MA_SAFE_CAM_POS_PLUS[0] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Copy SI data.
16
The setting in MD36936 $MA_SAFE_CAM_POS_PLUS[0] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
17
The setting in MD36937 $MA_SAFE_CAM_POS_MINUS[0] +
MD36940 $MA_SAFE_CAM_TOL does not correspond with the
associated drive parameter assignment.
Remedy
Copy SI data.
18
The setting in MD36937 $MA_SAFE_CAM_POS_MINUS[0] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
19
The setting in MD36936 $MA_SAFE_CAM_POS_PLUS[1] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Copy SI data.
20
The setting in MD36936 $MA_SAFE_CAM_POS_PLUS[1] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
21
The setting in MD36937 $MA_SAFE_CAM_POS_MINUS[1] +
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Copy SI data.
22
The setting in MD36937 $MA_SAFE_CAM_POS_MINUS[1] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
23
The setting in MD36936 $MA_SAFE_CAM_POS_PLUS[2] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-645
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy
Copy SI data.
24
The setting in MD36936 $MA_SAFE_CAM_POS_PLUS[2] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
25
The setting in MD36937 $MA_SAFE_CAM_POS_MINUS[2] +
MD36940 $MA_SAFE_CAM_TOL does not correspond with the
associated drive parameter assignment.
Remedy
Copy SI data.
26
The setting in MD36937 $MA_SAFE_CAM_POS_MINUS[2] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
27
The setting in MD36936 $MA_SAFE_CAM_POS_PLUS[3]
+ MD36940 $MA_SAFE_CAM_TOL does not correspond with the
associated drive parameter assignment.
Remedy
Copy SI data.
28
The setting in MD36936 $MA_SAFE_CAM_POS_PLUS[3] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
29
The setting in MD36937 $MA_SAFE_CAM_POS_MINUS[3] +
MD36940 $MA_SAFE_CAM_TOL does not correspond with the
associated drive parameter assignment.
Remedy
Copy SI data.
30
The setting in MD36937 $MA_SAFE_CAM_POS_MINUS[3] does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
31
The settings in MD36942 $MA_SAFE_POS_TOL. bzw. MD36949
$MA_SAFE_SLIP_VELO_TOL do not correspond with the associated
drive parameter assignment.
Remedy
Copy SI data.
32
The setting in MD36944 $MA_SAFE_REFP_POS_TOL does not cor-
respond with the associated drive parameter assignment.

© Siemens AG 2015 All Rights Reserved

10-646 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy
Copy SI data.
33
The setting in MD36951 $MA_SAFE_VELO_SWITCH_DELAY does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
34
The setting in MD36950 $MA_SAFE_MODE_SWITCH_TIME does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
35
The setting in MD36956 $MA_SAFE_PULSE_DISABLE_DELAY does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
36
The setting in MD36957 $MA_SAFE_PULSE_DIS_CHECK_TIME does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
37
The setting in MD36952 $MA_SAFE_STOP_SWITCH_TIME_C does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
38
The setting in MD36953 $MA_SAFE_STOP_SWITCH_TIME_D does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
39
The setting in MD36954 $MA_SAFE_STOP_SWITCH_TIME_E does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
40
The setting in MD36961 $MA_SAFE_VELO_STOP_MODE does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
41
The setting in MD36962 $MA_SAFE_POS_STOP_MODE does not
correspond with the associated drive parameter assignment.
Remedy
Copy SI data.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-647
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

42
The setting in MD36960 $MA_SAFE_STANDSTILL_VELO_TOL does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
43
Stop response, memory test.
44 -- 57
Explanation
Fault codes 44--57 cannot be clearly assigned to a fault cause. For the
monitoring functions that run internally (e.g. SG), monitoring limits are
internally generated that are referred to a monitoring clock cycle.
Example:
SG1 = 2000 mm/min, monitoring clock cycle = 12 ms
If SG1 is active, then a check is made in every monitoring clock cycle
(MCC) as to whether SG1 was exceeded.
This means that in MCC[n], based on the actual value, a positive and
negative actual value limit is defined that may not be exceeded in
MCC[n+1] in order to still comply with SG1.
SG1 = 2000 mm/min = 33.33 mm/s = 0.4 mm/MCC (for each 12 ms)
If the axis moves more than 0.4 mm in a monitoring clock cycle, then
SG1 would be violated.
The limit values, specified above, in MCC[n+1] are then
Positive: Position actual value (MCC[n]) + 0.4 mm
negative: position actual value (MCC[n]) --0.4 mm
The resulting monitoring limits (positive and negative) that are, in turn
determined independently for both monitoring channels (NCK and
drive) are also compared just like the safe actual positions (refer to fault
code 3). The comparison is for a difference < MD36942
$MA_SAFE_POS_TOL.
If the difference is greater than MD36942 $MA_SAFE_POS_TOL, then
the appropriate fault code is output.
The limit values are then re--generated and compared in every monitor-
ing cycle independently of whether the associated monitoring function
is active or not.
This means that there are three possible causes for this fault code
group.
Causes and remedy
Possible cause 1 (only when commissioning or changing the MD)
The tolerance value for the monitoring function is set differently for the
NCK and drive. This situation actually only occurs when commissioning
the system or making changes and is generally already covered by the
previous fault codes.
Remedy: Set the relevant machine data the same.
Possible cause 2 (in operation)
The limit values are determined based on the actual value. This means
that when the safe actual values of the NCK and drive differ then the
limit values are also different by the defined clearance --> i.e. the fault

© Siemens AG 2015 All Rights Reserved

10-648 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

code corresponds to the fault image of fault code 3. This is determined

by checking the safe actual positions.
Remedy: refer to fault code 3.
Possible cause 3 (in operation)
The associated monitoring function is already active in a monitoring
channel -- while in the other monitoring channel another monitoring
function is still active. This is the case if the safe actual positions of the
NCK and drive do not differ but instead there is an entry in drive para-
meters r9710/r9711 (and the 1 appears in parameter r9725) --> i.e. the
fault code corresponds to the fault profile of fault code 1. This can also
be identified using the fault message if for %3 = supplementary info
comparison value NCK or %4 = supplementary info comparison value
drive no real limit value is output but only the value of the calculated
tolerance (refer to the example above (SG1 = 2000 mm/min = 0.4 mm/
monitoring clock cycle), a value of 400 would be displayed as 4%).
Remedy: refer to fault code 1.
44
Upper limit value for SG1 = position actual value + MD36931
$MA_SAFE_VELO_LIMIT[0] referred to a monitoring clock cycle
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
45
Lower limit value for SG1 = position actual value -- MD36931
$MA_SAFE_VELO_LIMIT[0] referred to a monitoring clock cycle
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
46
Upper limit value for SG2 = position actual value + MD36931
$MA_SAFE_VELO_LIMIT[1] referred to a monitoring clock cycle
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
47
Lower limit value for SG2 = position actual value -- MD36931
$MA_SAFE_VELO_LIMIT[1] referred to a monitoring clock cycle
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
48
Upper limit value for SG3 = position actual value + MD36931
$MA_SAFE_VELO_LIMIT[2] referred to a monitoring clock cycle
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
49
Lower limit value for SG3 = position actual value -- MD36931
$MA_SAFE_VELO_LIMIT[2] referred to a monitoring clock cycle
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-649
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

50
Upper limit value for SG4 = position actual value + MD36931
$MA_SAFE_VELO_LIMIT[3] referred to a monitoring clock cycle
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
51
Lower limit value for SG4 = position actual value -- MD36931
$MA_SAFE_VELO_LIMIT[3] referred to a monitoring clock cycle
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
52
Upper limit value for SBH
Position actual value (when SBH is activated) + MD36930
$MA_SAFE_STANDSTILL_TOL.
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
53
Lower limit value for SBH
Position actual value (when SBH is activated) -- MD36930
$MA_SAFE_STANDSTILL_TOL.
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
54
Upper limit value for n < nx (plus tolerance)
Position actual value + MD36946 $MA_SAFE_VELO_X (referred to a
monitoring clock cycle) + MD36942 $MA_SAFE_POS_TOL.
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
55
Upper limit value for n <nx
Position actual value + MD36946 $MA_SAFE_VELO_X (referred to a
monitoring clock cycle)
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
56
Lower limit value for n< nx
Position actual value -- MD36946 $MA_SAFE_VELO_X (referred to a
monitoring clock cycle)
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)
57
Upper limit value for n < nx (plus tolerance)
Position actual value + MD36946 $MA_SAFE_VELO_X (referred to a
monitoring clock cycle) -- MD36942 $MA_SAFE_POS_TOL.
Remedy
Refer to Section 44--57 (hidden fault code 3 or 1)

© Siemens AG 2015 All Rights Reserved

10-650 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

58
There is a difference in the active request for an external STOP. Two
factors determine the resulting external STOP request for a monitoring
channel.
S The STOP requested via the SGE interface
S The STOP passed--through from the other monitoring channel
The STOP of the active request is specified as fine error code for the
NCK and drive.
The following values are possible:
0 = No Stop
2 = Stop E
3 = Stop D
4 = Stop C
7 = Stop A
59
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[0] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
60
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[1] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
61
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[2] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
62
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[3] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
63
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[4] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
64
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[5] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
65
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[6] does
not correspond with the associated drive parameter assignment.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-651
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy
Copy SI data.
66
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[7] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
67
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[8] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
68
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[9] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
69
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[10] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
70
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[11] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
71
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[12] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
72
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[13] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
73
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[14] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
74
The setting in MD36932 $MA_SAFE_VELO_OVR_FACTOR[15] does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.

© Siemens AG 2015 All Rights Reserved

10-652 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

75
The setting in MD36946 $MA_SAFE_VELO_X or MD36947
$MA_SAFE_VELO_X_HYSTERESIS does not correspond with the
associated drive parameter assignment.
Remedy
Copy SI data.
76
The setting in MD36963 $MA_SAFE_VELO_STOP_REACTION[0]
does not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
77
The setting in MD36963 $MA_SAFE_VELO_STOP_REACTION[1]
does not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
78
The setting in MD36963 $MA_SAFE_VELO_STOP_REACTION[2]
does not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
79
The setting in MD36963 $MA_SAFE_VELO_STOP_REACTION[3]
does not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
80
Modulo value, safe cam $MA_SAFE_MODULO_RANGE
Remedy
Copy SI data.
81
The setting in MD36948 $MA_SAFE_STOP_VELO_TOL does not cor-
respond with the associated drive parameter assignment.
Remedy
Copy SI data.
82
When controlling the SG correction factor--SGEs[0..3] to select the SG
correction factor a difference has occurred. If, as supplementary info
for a monitoring channel, --1 is output this means that the SG--override
function isn’t even active.
S SG2 and SG4 are not active.
S The function has not been enabled via function enable MD36901 /
parameter p9501.
Remedy
Control the SG stage and check the SG--override signals
and align the control.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-653
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

83
The setting in MD36958 $MA_SAFE_ACCEPTANCE_TST_TIMEOUT
does not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
84
The setting in MD36955 $MA_SAFE_STOP_SWITCH_TIME_F does
not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
85
The setting in MD10089 $MN_SAFE_PULSE_DIS_TIME_BUSFAIL
does not correspond with the associated drive parameter assignment.
Remedy
Copy SI data.
86
Single--encoder system $MA_SAFE_SINGLE_ENC.
Remedy
Align machine data $MA_SAFE_SINGLE_ENC and drive parameter
p9526.
87
Encoder assignment $MA_SAFE_ENC_INPUT_NR.
Remedy
Set $MA_SAFE_ENC_INPUT_NR and drive parameter p9526 so that
they are equal.
88
Cam enable: The setting in MD36903 $MA_SAFE_CAM_ENABLE
does not correspond with the drive parameter assignment.
Remedy
Copy SI data
89
The settings for the encoder limit frequency do not match in the two
monitoring channels.
Remedy
Replace the hardware.
90
Cam SGA differ by more than the tolerance
Remedy
Cam positions, check $MA_SAFE_CAM_TOL
91
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[4] + MD36940 $MA_SAFE_CAM_TOL
does not correspond with the associated drive parameter assignment.
Remedy
Safe cam 5+ (+ tolerance). Enter the same MD.

© Siemens AG 2015 All Rights Reserved

10-654 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

92
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[4] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 5+. Enter the same MD.
93
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[4] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 5-- (+ tolerance). Enter the same MD.
94
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[4] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 5--. Enter the same MD.
95
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[5] + MD36940 $MA_SAFE_CAM_TOL
does not correspond with the associated drive parameter assignment.
Remedy
Safe cam 6+ (+ tolerance). Enter the same MD.
96
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[5] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 6+. Enter the same MD.
97
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[5] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 6-- (+ tolerance). Enter the same MD.
98
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[5] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 6--. Enter the same MD.
99
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[6] + MD36940 $MA_SAFE_CAM_TOL
does not correspond with the associated drive parameter assignment.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-655
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy
Safe cam 7+ (+ tolerance). Enter the same MD.
100
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[6] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 7+. Enter the same MD.
101
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[6] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 7-- (+ tolerance). Enter the same MD.
102
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[6] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 7--. Enter the same MD.
103
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[7] + MD36940 $MA_SAFE_CAM_TOL
does not correspond with the associated drive parameter assignment.
Remedy
Safe cam 8+ (+ tolerance). Enter the same MD.
104
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[7] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 8+. Enter the same MD.
105
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[7] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 8-- (+ tolerance). Enter the same MD.
106
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[7] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 8--. Enter the same MD.

© Siemens AG 2015 All Rights Reserved

10-656 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

107
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[8] + MD36940 $MA_SAFE_CAM_TOL
does not correspond with the associated drive parameter assignment.
Remedy
Safe cam 9+ (+ tolerance). Enter the same MD.
108
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[8] does not correspond with the asso-
ciated drive parameter assignment.
Remedy
Safe cam 9+. Enter the same MD.
109
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[8] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 9-- (+ tolerance). Enter the same MD.
110
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[8] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 9--. Enter the same MD.
111
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[9] + MD36940 $MA_SAFE_CAM_TOL
does not correspond with the associated drive parameter assignment.
Remedy
Safe cam 10+ (+ tolerance). Enter the same MD.
112
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[9] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 10+. Enter the same MD.
113
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[9] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cams 10-- (+tolerance). Enter the same MD.
114
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[9] does not correspond with the associated drive parameter
assignment.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-657
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy
Safe cams 10--. Enter the same MD.
115
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[10] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 11+ (+ tolerance). Enter the same MD.
116
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[10] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 11+. Enter the same MD.
117
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[10] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cams 11-- (+tolerance). Enter the same MD.
118
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[10] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cams 11--. Enter the same MD.
119
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[11] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 12+ (+ tolerance). Enter the same MD.
120
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[11] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 12+. Enter the same MD.
121
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[11] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 12-- (+tolerance). Enter the same MD.

© Siemens AG 2015 All Rights Reserved

10-658 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

122
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[11] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 12--. Enter the same MD.
123
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[12] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 13+ (+ tolerance). Enter the same MD.
124
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[12] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 13+. Enter the same MD.
125
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[12] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 13-- (+tolerance). Enter the same MD.
126
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[12] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 13--. Enter the same MD.
127
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[13] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 14+ (+ tolerance). Enter the same MD.
128
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[13] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 14+. Enter the same MD.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-659
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

129
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[13] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 14-- (+tolerance). Enter the same MD.
130
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[13] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 14--. Enter the same MD.
131
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[14] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 15+ (+ tolerance). Enter the same MD.
132
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[14] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 15+. Enter the same MD.
133
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[14] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 15-- (+tolerance). Enter the same MD.
134
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[14] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 15--. Enter the same MD.
135
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[15] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 16+ (+ tolerance). Enter the same MD.

© Siemens AG 2015 All Rights Reserved

10-660 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

136
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[15] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 16+. Enter the same MD.
137
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[15] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 16-- (+tolerance). Enter the same MD.
138
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[15] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 16--. Enter the same MD.
139
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[16] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 17+ (+ tolerance). Enter the same MD.
140
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[16] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 17+. Enter the same MD.
141
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[16] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 17-- (+tolerance). Enter the same MD.
142
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[16] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 17--. Enter the same MD.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-661
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

143
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[17] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 18+ (+ tolerance). Enter the same MD.
144
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[17] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 18+. Enter the same MD.
145
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[17] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 18-- (+tolerance). Enter the same MD.
146
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[17] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 18--. Enter the same MD.
147
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[18] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 19+ (+ tolerance). Enter the same MD.
148
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[18] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 19+. Enter the same MD.
149
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[18] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 19-- (+tolerance). Enter the same MD.

© Siemens AG 2015 All Rights Reserved

10-662 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

150
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[18] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 19--. Enter the same MD.
151
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[19] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 20+ (+ tolerance). Enter the same MD.
152
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[19] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 20+. Enter the same MD.
153
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[19] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 20-- (+tolerance). Enter the same MD.
154
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[19] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 20--. Enter the same MD.
155
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[20] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 21+ (+ tolerance). Enter the same MD.
156
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[20] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 21+. Enter the same MD.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-663
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

157
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[20] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 21-- (+tolerance). Enter the same MD.
158
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[20] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 21--. Enter the same MD.
159
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[21] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 22+ (+ tolerance). Enter the same MD.
160
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[21] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 22+. Enter the same MD.
161
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[21] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 22-- (+tolerance). Enter the same MD.
162
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[21] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 22--. Enter the same MD.
163
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[22] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 23+ (+ tolerance). Enter the same MD.

© Siemens AG 2015 All Rights Reserved

10-664 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

164
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[22] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 23+. Enter the same MD.
165
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[22] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 23-- (+tolerance). Enter the same MD.
166
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[22] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 23--. Enter the same MD.
167
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[23] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 24+ (+ tolerance). Enter the same MD.
168
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[23] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 24+. Enter the same MD.
169
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[23] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 24-- (+tolerance). Enter the same MD.
170
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[23] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 24--. Enter the same MD.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-665
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

171
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[24] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 25+ (+ tolerance). Enter the same MD.
172
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[24] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 25+. Enter the same MD.
173
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[24] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 25-- (+tolerance). Enter the same MD.
174
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[24] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 25--. Enter the same MD.
175
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[25] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 26+ (+ tolerance). Enter the same MD.
176
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[25] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 26+. Enter the same MD.
177
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[25] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 26-- (+tolerance). Enter the same MD.

© Siemens AG 2015 All Rights Reserved

10-666 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

178
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[25] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 26--. Enter the same MD.
179
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[26] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 27+ (+ tolerance). Enter the same MD.
180
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[26] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 27+. Enter the same MD.
181
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[26] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 27-- (+tolerance). Enter the same MD.
182
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[26] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 27--. Enter the same MD.
183
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[27] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 28+ (+ tolerance). Enter the same MD.
184
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[27] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 28+. Enter the same MD.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-667
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

185
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[27] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 28-- (+tolerance). Enter the same MD.
186
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[27] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 28--. Enter the same MD.
187
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[28] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 29+ (+ tolerance). Enter the same MD.
188
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[28] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 29+. Enter the same MD.
189
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[28] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 29-- (+tolerance). Enter the same MD.
190
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[28] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 29--. Enter the same MD.
191
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[29] + MD36940
$MA_SAFE_CAM_TOL does not correspond with the associated drive
parameter assignment.
Remedy
Safe cam 30+ (+ tolerance). Enter the same MD.

© Siemens AG 2015 All Rights Reserved

10-668 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

192
Cam position: the setting in MD36936
$MA_SAFE_CAM_POS_PLUS[29] does not correspond with the
associated drive parameter assignment.
Remedy
Safe cam 30+. Enter the same MD.
193
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[29] + MD36940 $MA_SAFE_CAM_TOL does not correspond with
the associated drive parameter assignment.
Remedy
Safe cam 30-- (+tolerance). Enter the same MD.
194
Cam position: the setting in MD36937 $MA_SAFE_CAM_POS_MI-
NUS[29] does not correspond with the associated drive parameter
assignment.
Remedy
Safe cam 30--. Enter the same MD.
195
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[0] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN1. Enter the same MDs and check the cam
enable and cam parameterization
196
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[1] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN2. Enter the same MDs and check the cam
enable and cam parameterization
197
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[2] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN3. Enter the same MDs and check the cam
enable and cam parameterization
198
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[3] does not correspond with the
associated drive parameter assignment or the cam enable is different.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-669
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy
Cam track assignment SN4. Enter the same MDs and check the cam
enable and cam parameterization
199
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[4] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN5. Enter the same MDs and check the cam
enable and cam parameterization
200
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[5] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN6. Enter the same MDs and check the cam
enable and cam parameterization
201
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[6] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN7. Enter the same MDs and check the cam
enable and cam parameterization
202
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[7] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN8. Enter the same MDs and check the cam
enable and cam parameterization
203
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[8] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN9. Enter the same MDs and check the cam
enable and cam parameterization
204
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[9] does not correspond with the
associated drive parameter assignment or the cam enable is different.

© Siemens AG 2015 All Rights Reserved

10-670 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy
Cam track assignment SN10. Enter the same MDs and check the cam
enable and cam parameterization
205
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[10] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN11. Enter the same MDs and check the cam
enable and cam parameterization
206
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[11] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN12. Enter the same MDs and check the cam
enable and cam parameterization
207
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[12] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN13. Enter the same MDs and check the cam
enable and cam parameterization
208
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[13] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN14. Enter the same MDs and check the cam
enable and cam parameterization
209
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[14] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN15. Enter the same MDs and check the cam
enable and cam parameterization
210
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[15] does not correspond with the
associated drive parameter assignment or the cam enable is different.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-671
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy
Cam track assignment SN16. Enter the same MDs and check the cam
enable and cam parameterization
211
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[16] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN17. Enter the same MDs and check the cam
enable and cam parameterization
212
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[17] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN18. Enter the same MDs and check the cam
enable and cam parameterization
213
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[18] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN19. Enter the same MDs and check the cam
enable and cam parameterization
214
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[19] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN20. Enter the same MDs and check the cam
enable and cam parameterization
215
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[20] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN21. Enter the same MDs and check the cam
enable and cam parameterization
216
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[21] does not correspond with the
associated drive parameter assignment or the cam enable is different.

© Siemens AG 2015 All Rights Reserved

10-672 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy
Cam track assignment SN22. Enter the same MDs and check the cam
enable and cam parameterization
217
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[22] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN23. Enter the same MDs and check the cam
enable and cam parameterization
218
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[23] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN24. Enter the same MDs and check the cam
enable and cam parameterization
219
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[24] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN25. Enter the same MDs and check the cam
enable and cam parameterization
220
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[25] does not correspond with the
associated drive parameter assignment.
Remedy
Cam track assignment SN26. Enter the same MDs and check the cam
enable and cam parameterization
221
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[26] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN27. Enter the same MDs and check the cam
enable and cam parameterization
222
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[27] does not correspond with the
associated drive parameter assignment or the cam enable is different.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-673
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy
Cam track assignment SN28. Enter the same MDs and check the cam
enable and cam parameterization
223
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[28] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN29. Enter the same MDs and check the cam
enable and cam parameterization
224
Cam track assignment: the setting in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[29] does not correspond with the
associated drive parameter assignment or the cam enable is different.
Remedy
Cam track assignment SN30. Enter the same MDs and check the cam
enable and cam parameterization
225
For the ”Safe cam track” monitoring function there is a different status
between the NCK and drive for cams SN1 to SN6. The actual status
image of the NCK (result list 3) is output as supplementary info %3
(comparison value NCK) and the actual status image from the drive is
output as %4.
Supplementary infos %3 and %4 are also saved in drive parameters
r9735[0] (NCK) and r9735[1] (drive).
Remedy
Result list 3. Check the tolerance of the cams, evaluate the fault code
in drive parameter r9735[0,1].
226
For the ”Safe cam track” monitoring function there is a different status
between the NCK and drive for cams SN7 to SN12. The actual status
image of the NCK (result list 4) is output as supplementary info %3
(comparison value NCK) and the actual status image from the drive is
output as %4.
Supplementary infos %3 and %4 are also saved in drive parameters
r9736[0] (NCK) and r9736[1] (drive).
Remedy
Result list 4. Check the tolerance of the cams, evaluate the fault code
in drive parameter r9736[0,1].
227
For the ”Safe cam track” monitoring function there is a different status
between the NCK and drive for cams SN13 to SN18. The actual status
image of the NCK (result list 5) is output as supplementary info %3
(comparison value NCK) and the actual status image from the drive is
output as %4.
Supplementary infos %3 and %4 are also saved in drive parameters
r9737[0] (NCK) and r9737[1] (drive).
Remedy
Result list 5. Check the tolerance of the cams, evaluate the fault code

© Siemens AG 2015 All Rights Reserved

10-674 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

in drive parameter r9737[0,1].

228
For the ”Safe cam track” monitoring function there is a different status
between the NCK and drive for cams SN19 to SN24. The actual status
image of the NCK (result list 6) is output as supplementary info %3
(comparison value NCK) and the actual status image from the drive is
output as %4.
Supplementary infos %3 and %4 are also saved in drive parameters
r9738[0] (NCK) and r9738[1] (drive).
Remedy
Result list 6. Check the tolerance of the cams, evaluate the fault code
in drive parameter r9738[0,1].
229
For the ”Safe cam track” monitoring function there is a different status
between the NCK and drive for cams SN25 to SN30. The actual status
image of the NCK (result list 7) is output as supplementary info %3
(comparison value NCK) and the actual status image from the drive is
output as %4.
Supplementary infos %3 and %4 are also saved in drive parameters
r9739[0] (NCK) and r9739[1] (drive).
Remedy
Result list 7. Check the tolerance of the cams, evaluate the fault code
in drive parameter r9739[0,1].
230
Filter time constant for n< nx the calculation or setting in MD36945
$MA_SAFE_VELO_X_FILTER_TIME does not correspond with the
associated drive value.
Remedy
Copy SI data
231
Velocity hysteresis n<nx: the setting in MD36947
$MA_SAFE_VELO_X_HYSTERESIS does not correspond with the
associated drive parameter assignment.
Remedy
Copy SI data
232
Smoothed actual velocity value for n<nx does not correspond with the
drive value The filtering must be deactivated if, as a result of the con-
figured acceleration levels or velocities, CDC errors do occur.
Remedy
Increase MD36947 $MA_SAFE_VELO_X_HYSTERESIS. Set
MD36945 $MA_SAFE_VELO_X_FILTER_TIME higher
233
Velocity actual value nx: upper limit value for n<nx MD36946
$MA_SAFE_VELO_X (only valid, if synchronization function
n<nx active).
Remedy
Check MD36946 $MA_SAFE_VELO_X, MD36947
$MA_SAFE_VELO_X_HYSTERESIS.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-675
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

234
Velocity actual value nx+ tol: upper limit value for n<nx -- tolerance
MD36946 $MA_SAFE_VELO_X -- MD36947
$MA_SAFE_VELO_X_HYSTERESIS (only valid, if synchronization
function n<nxactive).
Remedy
Check MD36946 $MA_SAFE_VELO_X, MD36947
$MA_SAFE_VELO_X_HYSTERESIS
235
Velocity actual value --nx+ tol: lower limit value for n<n x + tolerance:
--MD36946 $MA_SAFE_VELO_X + MD36947
$MA_SAFE_VELO_X_HYSTERESIS (only valid if synchronization
function n<nx active).
Remedy
Check MD36946 $MA_SAFE_VELO_X, MD36947
$MA_SAFE_VELO_X_HYSTERESIS.
236
Actual velocity value --nx: lower limit value for n<nx: --MD36946
$MA_SAFE_VELO_X (only valid if synchronization function
n<nx active)
Remedy
Check MD36946 $MA_SAFE_VELO_X, MD36947
$MA_SAFE_VELO_X_HYSTERESIS.
237
SGA n<nx out of tolerance, different.
Remedy
Check $MA_SAFE_VELO_X_HYSTERESIS
238-- 255 not assigned
256
Result list 1 (see cross comparison value 1)
257 --264 not assigned
265
Result list 1 (see cross comparison value 1)
266
Switchover velocity SBH/SG MD37920 $MA_SAFE_STAND-
STILL_VELO_LIMIT
Remedy
Check MD37920 $MA_SAFE_STANDSTILL_VELO_LIMIT.
267
Delay time, switchover to SBH/SG MD37920 $MA_SAFE_STAND-
STILL_DELAY
Remedy
Check MD37922 $MA_SAFE_STANDSTILL_DELAY.

© Siemens AG 2015 All Rights Reserved

10-676 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Fault fine codes that do not come from the crosswise data comparison
1000
The check timer has expired while the change timer has still not
expired. If, in a monitoring channel, an SGE change (e.g. SBH is
selected), then the so--called change timer is started (timer value =
MD36950/p9550).
In addition, what is known as a checking timer is started in the other
channel (timer value = 10xMD36950).
While the change timer is running, if the same SGE is changed again,
the timer value is extended and the check timer in the other channel
only runs once.
If the change timer is extended so often that the run time is greater
than for the check timer then the fault is output.
Too many signal changes were detected during the checking timer run-
time.
Remedy
Determine the SGE involved and the associated hardware signal and
investigate the situation. There may be contact problems at the sensor
(e.g. poor contact) or there were too many switching operations. If
necessary, the behavior can be improved by changing the timer setting.
1002
The user agreement is not consistent: The status of the user agree-
ment is, after 4 s has expired, different for both monitoring channels.
%3 = status of the user agreement, NCK.
%4 = status of the user agreement, drive.
This effect can occur if the user agreement is only set or reset through
one channel.
An additional fault cause is that if the F code 1003 only occurs in one
monitoring channel and then the user agreement is only withdrawn
through one channel. This means that code 1002 is then the result of a
code 1003 only in one channel.
Remedy
User agreement expired
1003
With the user agreement is set, the difference between the newly deter-
mined reference point (NC actual value) after booting (absolute value
encoder) or reference point approach [homing] (distance--coded or
incremental measuring system) and the safe actual position (saved
value + traversing distance) is greater than the reference tolerance
MD36944/p9544. In this case, the user agreement is withdrawn.
Remedy
Check the mechanical system of the axis -- it is possible that the axis
was moved when powered--down and the actual value last saved by
the control no longer corresponds with the new value the next time the
system is booted. It is also possible that the tolerance window for the
test has been set too narrow. The cause should be determined and
after checking the actual values the user agreement can be again reset
after an NCK--RESET.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-677
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

1004
Violated plausibility, user agreement
S Although the user agreement was already set, an attempt was
made to set it again.
S The user agreement is set although the axis has still not been
referenced.
Remedy
Violated plausibility, user agreement
1005
When activating the SGEs test stop selection, the shutdown path test
cannot be carried out because the pulses have already been cancelled.
Remedy
Check the start conditions for carrying out the test, and if required
correct. In the commissioning phase, it is also possible that there is
incorrect parameterization (or wiring) for the feedback signal regarding
pulse cancellation.
1009
After activating the SGEs test stop selection, the pulses have still not
been cancelled after timer MD36957
$MA_SAFE_PULSE_DIS_CHECK_TIME has elapsed.
Remedy
Check the parameterization for the timer -- it is possible that the value
has been selected too low.
1011
The internal status ”acceptance test status” when using the acceptance
test support indicates different states for the NCK/drive for at least 4
seconds.
Remedy
Acceptance test time expired
1013
NCK user agreement from the PLC--SRAM and NCK user agreement
from the NCK machine data are different.
Remedy
Re--establish data consistency using power on.
1014
NCK axis number from the PLC--SRAM and NCK axis number from the
boot operation are different.
Remedy
Re--establish data consistency using power on.
1020
Cyclic communications between the NCK and drive no longer functions.
Remedy
Analyze the other fault/error messages. Restart using power on.
1023
Effectiveness test error in the Sensor Module.

© Siemens AG 2015 All Rights Reserved

10-678 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy
Check the Sensor Module.
1024
Saved standstill positions of NCK and PLC different.
Remedy
Re--establish data consistency using power on.
1025
The drive or encoder signaled ”parking active” -- however the control
had not requested ”parking axis”.
Remedy
Check the control signals to select the ”parking” state.
1026
Plausibility error for cam synchronization between NCK and PLC.
Remedy
Check communication between the PLC and drive and between PLC
and NCK.
Response NC start disable in this channel
Alarm display
A STOP F was initiated. If a safety monitoring function was active
(SBH, SG, SE, SN), then a STOP B was also automatically initiated.
It is then necessary to power--down/power--up the control (power on).
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation If a STOP B was initiated, then the control must be power--down/
powered--up (power on).

27002 Axis %1 Test stop in progress

Parameter %1 = axis name, spindle number
Explanation The proper and correct functioning of the shutdown path is presently
being tested by setting the SGE ”test stop selection”.
Response Alarm display
Remedy This message only provides information for the user.
Program
r The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.
The alarm automatically disappears after the delay time has expired
that is defined in MD36957 $MA_SAFE_PULSE_DIS_CHECK_TIME --
and the withdrawal of the SGE ”test stop selection” if the control
detects that the drive pulses have been cancelled -- i.e. the test has
been successfully completed. An unsuccessful test can be recognized
as a result of Alarm 27001 with fault code 1005 or Alarm 27024.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-679
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27003 Checksum error occurred %1 %2

Parameter %1 = reference to the code section or table
%2 = table number
Explanation Checksum error in safety--related code or safety--related data. The
safety monitoring functions (Safety Integrated) in the NCK could be
corrupted.
Response Alarm display
Remedy Please take extreme caution when continuing with any work. It is
necessary to power--down/power--up the control (power on). If this fault
occurs again, contact the service department.
Program
r Switch control system OFF and ON again.
continuation

27004 Axis %1 difference safe input %2, NCK %3, drive %4

Parameter %1 = axis name, spindle number
%2 = monitoring function involved
%3 = interface identifier, NCK input
%4 = interface identifier, drive input
Explanation A difference has been detected at the specified safe input. The state of
the specified input signal differs in the two monitoring channels NCK
and drive during the time set in MD36950
$MA_SAFE_MODE_SWITCH_TIME.
Monitoring function involved (%2):
SS/SV Difference in SGE ”deselect safe operating stop / safely
reduced speed”
SS Difference in SGE ”deselect safe operating stop”
SV Difference in SGE ”select safely reduced speed”
SP Difference in SGE ”select safe limit positions”
SVOVR Difference in SGE ”select SG correction”

Interface identifier NCK input (SPL interface):

<io> = parameterized system variable range (01=$A_INSID,
02=$A_INSED)
<dword> = system variable -- double word (1,2)
<bit> = bit number in the system variable -- double word (1...32)
<value> = value of the NCK--SGE (0,1)

Interface identifier, drive input (%4):

DBX<byte><bit>=<value>
<byte> = byte number in the axis--specific DB (22, 23, 32, 33)
<bit> = bit number in the byte (0...7)
<value> = value of the drive SGE (0,1)
This alarm can be suppressed using the MD10096 $MN_SAFE_DIA-
GNOSIS_MASK, bit 0=0.
Response Alarm display

© Siemens AG 2015 All Rights Reserved

10-680 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy Check the interface of the safety--related input signals (SPL para-
meterization, PLC--DB supply).
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

27005 Axis %1 error for crosswise data comparison: steady--state

actual value difference
Parameter %1 = axis name, spindle number
Explanation A difference in the actual values was detected using the crosswise data
comparison between NCK and drive monitoring channel. This differ-
ence is greater than the maximum tolerance defined in MD36942
$MA_SAFE_POS_TOL. This can be checked using the safe position
actual values of the two monitoring channels displayed in the service
screen.
The alarm is only displayed, if monitoring with absolute reference
(SE/SN) has been enabled for the specified axis and if the user agree-
ment has been set. As soon as the user agreement is deleted or the
actual difference between the two monitoring channels again drops
below the maximum permissible difference, the alarm is cleared.
Response Alarm display
Remedy The user agreement must be deleted if the alarm is present as a
steady--state alarm. When the control is then rebooted, the machine
can be brought into the safe state again and operation resumed by a
new referencing process and setting the user agreement.
Prior to setting the user agreement, the actual position of the axis dis-
played in the ”User enable” screen must be compared with the current
machine position. This is absolutely necessary to ensure proper func-
tioning of the safe limit positions (SE) and safe cams (SN).
The user agreement can only be changed in key--actuated switch
setting 3 or after entering a password.
r
Program The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

27007 Axis %1 acceptance test mode is active

Parameter %1 = axis name, spindle number
Explanation An SI acceptance test has been started with the acceptance test
wizard at the operator panel. The acceptance test mode is activated for
the NCK and drive for the duration of this acceptance test. In the
acceptance test mode, SI power on alarms can be acknowledged with
the reset key.
Response Alarm display, on the NCK side, the alarm criterion of SI--POWER ON
alarms is changed over to reset--acknowledgeable.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-681
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy Deselect the acceptance test using the acceptance test Wizard or wait
until it has been completed (the duration of the acceptance test can be
parameterized using MD36958 $MA_SAFE_ACCEPTANCE_TST_TI-
MEOUT).
Program
r The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

27008 Axis %1 SW limit switch deactivated

Parameter %1 = axis name, spindle number
Explanation An SI acceptance test safe limit position has been started with the
acceptance test Wizard at the operator interface. For these acceptance
tests, the single--channel SW limit switches are deactivated for the
axis/spindle in order to ensure that the safe limit positions can be
approached.
Response Alarm display
Deactivating the single--channel software limit switch for the displayed
axis/spindle.
Remedy Deselect the acceptance test, e.g. using the acceptance test Wizard or
wait for the end of the test. (duration of the acceptance test can be
parameterized using MD36958 $MA_SAFE_ACCEPTANCE_TST_TI-
MEOUT).
Program
r The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

27010 Axis %1 tolerance exceeded for safe operating stop

Parameter %1 = axis name, spindle number
Explanation The axis has moved too far away from the reference position. It has
moved farther away than permitted in MD36930 $MA_SAFE_STAND-
STILL_TOL. The alarm can be re--configured in the MD11412
$MN_ALARM_REACTION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Channel not ready
Stop the axis with speed setpoint = 0 (STOP B). As soon as the speed
actual value is less than that defined in the MD36960
$MA_SAFE_STANDSTILL_VELO_TOL, at the latest however, after the
time in MD36956 $MA_SAFE_PULSE_DISABLE_DELAY expires, the
pulses are cancelled (STOP A).

© Siemens AG 2015 All Rights Reserved

10-682 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy Check the tolerance for the standstill monitoring: does the value match
the precision and control dynamic performance of the axis?
If not, increase the tolerance. If yes, check the machine for damage
and repair it.
r
Program Switch--off – switch--on the control
continuation

27011 Axis %1 safely reduced speed exceeded

Parameter %1 = axis name, spindle number
Explanation The axis has moved too quickly and faster than that specified in
MD36931 $MA_SAFE_VELO_LIMIT.
If function ”Correction safely reduced speed” in MD36901
$MA_SAFE_FUNCTION_ENABLE is enabled, then for SG2 and SG4,
the active correction value from MD36932
$MA_SAFE_VELO_OVR_FACTOR[0...15] must be taken into account
for the permissible speed.
Special case:
When SBH/SG is active in a configuration with a 1--encoder system,
the speed that corresponds to the encoder limit frequency was
exceeded.
Response NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
The axis is stopped with STOP A, C, D or E, depending on what has
been configured in MD36961 $MA_SAFE_VELO_STOP_MODE or
MD36963 $MA_SAFE_VELO_STOP_REACTION.
Remedy If no obvious operator error has occurred: Check the input value of the
MD, check safe input signals: is the correct safely reduced speed
selected?
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

27012 Axis %1 safe limit position exceeded

Parameter %1 = axis name, spindle number
Explanation The axis has passed the limit position entered in MD36934
$MA_SAFE_POS_LIMT_PLUS or MD36935 $MA_SAFE_POS_LI-
MIT_MINUS.
Response NC start disable in this channel
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
This axis is stopped with STOP C,D or E, according to the configura-
tion in MD36962 $MA_SAFE_POS_STOP_MODE.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-683
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy If no obvious operator error has occurred: Check the input value of the
machine data, check safe input signals: is the correct one of 2 limit
positions selected?
The alarm is output again as long as the axis is not at the limit position.
To traverse the axis again, you can either
-- manually return the axis,
-- switchover to another limit switch pair so that the axis is again in the
permissible range,
-- delete the user agreement and initiate a PO reset. Alarm ”Axis no
longer safely referenced” is displayed and the limit switch monitoring
functions are deactivated. Traverse the machine backward, so that it
is again in the permissible range. Then issue the user agreement
again.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation Withdraw the user agreement for this axis. Then press the RESET key.
The program is aborted and the alarm reset. Move the axis -- in the
JOG mode -- to the valid traversing range. After the NC program error
has been resolved and the position of this axis carefully checked, the
user agreement can be re--issued and the program can be restarted.

27013 Axis %1 Safe acceleration monitoring exceeded

Parameter %1 = axis name, spindle number
Explanation After the initiation of STOP B or C, the speed exceeded the tolerance
value entered in MD36948 $MA_SAFE_STOP_VELO_TOL.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
The pulses are locked by initiating a STOP A.
Remedy Checking MD36948 $MA_SAFE_STOP_VELO_TOL. Check the
braking characteristics of the drive involved.
r
Program Switch--off – switch--on the control
continuation

© Siemens AG 2015 All Rights Reserved

10-684 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27020 Axis %1 STOP E initiated

Parameter %1 = axis name, spindle number
Explanation This alarm comes with alarms 27011 ”Safely reduced speed exceeded”
or 27012 ”Safe limit position exceeded” (according to the configuration
in
MD36961 $MA_SAFE_VELO_STOP_MODE,
MD36963 $MA_SAFE_VELO_STOP_REACTION or
MD36962 $MA_SAFE_POS_STOP_MODE) or alarm 27090 after a
SPL--CDC error occurs.
Response NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
A LIFTFAST--ASUB (sub--routine) is initiated and the safe operating
stop (SBH) is internally activated after the time set in MD36954:
$MA_SAFE_STOP_SWITCH_TIME_E has expired.
Remedy Remove the causes of alarm 27011 ”safely reduced speed exceeded”
or 27012 ”safe limit position exceeded” or 27090 ”error for crosswise
data comparison NCK--PLC” (see a description of the alarms).
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

27021 Axis %1 STOP D initiated

Parameter %1 = axis name, spindle number
Explanation This alarm comes with alarms 27011 ”Safely reduced speed exceeded”
or 27012 ”Safe limit position exceeded” (according to the configuration
in
MD36961 $MA_SAFE_VELO_STOP_MODE,
MD36963 $MA_SAFE_VELO_STOP_REACTION or
MD36962 $MA_SAFE_POS_STOP_MODE or alarm 27090 after a
SPL--CDC error occurs.
Response NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
”Braking along the path” is initiated and the safe operating stop (SBH)
is internally activated after the time set in MD36953
$MA_SAFE_STOP_SWITCH_TIME_D has expired.
Remedy Remove the causes of alarm 27011 ”safely reduced speed exceeded”
or 27012 ”safe limit position exceeded” or 27090 ”error for crosswise
data comparison NCK--PLC” (see a description of the alarms 27011,
27012).
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-685
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27022 Axis %1 STOP C initiated

Parameter %1 = axis name, spindle number
Explanation This alarm comes with alarms 27011 ”Safely reduced speed exceeded”
or 27012 ”Safe limit position exceeded” (according to the configuration
in
MD36961 $MA_SAFE_VELO_STOP_MODE,
MD36963 $MA_SAFE_VELO_STOP_REACTION or
MD36962 $MA_SAFE_POS_STOP_MODE).
Response NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
”Braking along the current limit/OFF3 ramp” is initiated and the safe
operating stop (SBH) is internally activated after the time set in
MD36952 $MA_SAFE_STOP_SWITCH_TIME_C has expired.
Remedy Remove the causes for ”safely reduced speed exceeded” or ”safe limit
position exceeded” alarm (refer to a description of the alarms).
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

27023 Axis %1: STOP B initiated

Parameter %1 = axis name, spindle number
Explanation This alarm comes with the alarm 27010 ”Tolerance for safe operating
stop exceeded” or after the alarm 27001 ”Defect in a monitoring
channel ” or 2710x ”Difference for function...”.
The alarm can be re--configured in the MD11412 $MN_ALARM_REAC-
TION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
”Braking at the current limit/OFF3 ramp ” is initiated and the timer for
changeover to STOP A is activated (refer to MD36956
$MA_SAFE_PULSE_DISABLE_DELAY).
Remedy Remove the causes of alarm 27010 ”Tolerance for safe standstill
exceeded” or 27001 ”Defect in a monitoring channel” or 2710x
”Difference for function...” (see a description of the alarms).
r
Program Switch--off – switch--on the control
continuation

© Siemens AG 2015 All Rights Reserved

10-686 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27024 Axis %1 STOP A initiated

Parameter %1 = axis name, spindle number
Explanation This alarm is output as a result of
-- Alarm 27011 ”safely reduced speed exceeded” (for the appropriate
configuring in MD36961 $MA_SAFE_VELO_STOP_MODE,
MD36963 $MA_SAFE_VELO_STOP_REACTION),
-- Alarm 27013 ”Safe acceleration monitoring exceeded”
-- Alarm 27023 ”Stop B initiated”
-- Unsuccessful test stop.
The alarm can be re--configured in the MD11412 $MN_ALARM_REAC-
TION_CHAN_NOREADY (channel not ready).
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
”Pulse cancellation” initiated.
Remedy Remove the causes of
-- Alarm 27011 ”Safely reduced speed exceeded”,
-- Alarm 27013 ”Safe acceleration monitoring exceeded”
-- Alarm 27023 ”Stop B initiated”
-- Unsuccessful test stop.
(refer to the description of the alarms).
rProgram Switch--off – switch--on the control
continuation

27032 Axis %1 checksum error of safe monitoring. Confirmation and

acceptance test required!
Parameter %1 = axis name, spindle number
Explanation A checksum protects the relevant MD to parameterize the axis--specific
safety functionality. The alarm indicates that the actual checksum no
longer matches the saved checksum, i.e. that either an MD value was
illegally changed or is corrupt.
In the commissioning phase (SPL commissioning mode active), instead
of the individual axis--specific checksum alarms (27032, 27035 and
27060), the axis--specific group alarm 27132 is displayed. MD10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL can be used to further
reduce the alarm display so that only one alarm is displayed for all axes
(global group alarm 27135).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-687
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Mode group not ready

Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check MD Have the checksum re--calculated. Safety functions (motion
monitoring functions) should be subject to a new acceptance test.
rProgram Switch--off – switch--on the control
continuation

27033 Axis %1 parameterization of the MD %2[%3] invalid, error code %4

Parameter %1 = axis name, spindle number
%2 = MD name
%3 = MD field index for MD name
%4 = error code, note regarding the cause
Explanation The parameterization of the machine data is incorrect. An additional
indication is the field index of the machine data. If the machine data is a
single item of machine data, a zero is specified as a field index. This
alarm occurs in the following contexts:
-- 1: The conversion of the specified MD into the internal computation
format resulted in an overflow.
-- 2: Error when parameterizing the input/output assignments for SGE/
SGA.
-- 3: One of the activated cam positions is outside the actual value
modulo range.
-- 4: The function ”actual value synchronization 2--encoder system”
(slip) is selected for a single--encoder system.
-- 5: The function ”actual value synchronization 2--encoder system”
(slip) is simultaneously selected with a function with absolute
reference (SE/SN).
-- 6: A safety function was enabled in MD36901 $MA_SAFE_FUNC-
TION_ENABLE without the safety functions SBH/SG having been
enabled.
-- 7: An axis--specific SGE/SGA was parameterized at the SPL inter-
face (segment number = 4) and the function enable for the external
stops is missing (MD36901 $MA_SAFE_FUNCTION_ENABLE, bit
6).
-- 8: In MD36901 $MA_SAFE_FUNCTION_ENABLE using bit 7 cam
synchronization is activated, without the cams having been enabled
using bits 8...15.
-- 9: In the specified machine data, for a linear axis, a value greater
than 1000 mm/min was entered.
-- 10: For a linear axis, a value of greater than 10 mm was entered
into MD36942 $MA_SAFE_POS_TOL.
-- 11: For a linear axis, a value of greater than 1 mm was entered into
MD36942 $MA_SAFE_POS_TOL.

© Siemens AG 2015 All Rights Reserved

10-688 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

-- 12: A zero was entered in MD36917

$MA_SAFE_ENC_GRID_POINT_DIST.
-- 13: A zero was entered in MD36918 $MA_SAFE_ENC_RESOL.
-- 14: The parameterized cam modulo range MD36905
$MA_SAFE_MODULO_RANGE is not an integral multiple of 360
degrees.
-- 15: An axis--specific SGE/SGA was parameterized at the SPL inter-
face (segment number = 4) and the SGE ”Deselect ext. STOP A”
(assigned using MD36977 $MA_SAFE_EXT_STOP_INPUT[0]) was
parameterized inverted (bit 31 = 1) or the SGE ”Deselect ext. STOP
A” was not parameterized at the SPL interface $A_OUTSI.
-- 16: MD10097 $MN_SAFE_SPL_STOP_MODE was parameterized
to a value of 4 (Stop E) without having enabled the external Stop E
in all axes with SI function enable signals (MD36901
$MA_SAFE_FUNCTION_ENABLE not equal to 0).
-- 17: An invalid value was parameterized MD36907
$MA_SAFE_DRIVE_PS_ADDRESS -- or the same address was
assigned for several axes.
-- 18: It was not possible to internally pre--assign MD36919
$MA_SAFE_ENC_PULSE_SHIFT from the drive parameterization
as the values must have been entered outside the permissible
range. Adapt the encoder parameterization in the drive.
-- 19: MD36932 $MA_SAFE_VELO_OVR_FACTOR was para-
meterized with decimal places.
-- 20: The values entered in MD36934 $MA_SAFE_POS_LI-
MIT_PLUS and MD36935 $MA_SAFE_POS_LIMIT_MINUS have
been interchanged. The upper limit is less than or equal to the lower
limit.
-- 21: Various settings were made in MD30300 $MA_IS_ROT_AX and
MD36902 $MA_SAFE_IS_ROT_AX.
-- 22: The parameterized cam modulo range MD36905
$MA_SAFE_MODULO_RANGE and the modulo range in MD30330
$MA_MODULO_RANGE cannot be divided by one another to result
in an integral number.
-- 23: The NC--controlled mechanical brake system test was enabled
in MD37000 $MA_FIXED_STOP_MODE (bit 1 = 1), without safe
operation having been enabled for this axis in MD36901
$MA_SAFE_FUNCTION_ENABLE or MD37950
$MA_SAFE_INFO_ENABLE. The mechanical brake system test is
only permissible in this axis with safety functions.
-- 24: An illegal value was parameterized in MD36961
$MA_SAFE_VELO_STOP_MODE or MD36963
$MA_SAFE_VELO_STOP_REACTION.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-689
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

-- 25: Alarms 27000/F01797 should be suppressed when parking

(MD36965 $MA_SAFE_PARK_ALARM_SUPPRESS!=0). In this
case, the SGA ”axis safely referenced” must be parameterized
using the MD36987 $MA_SAFE_REFP_STATUS_OUTPUT.
-- 26: The logical basis configured in Step 7 and addressed via
MD36906 $MA_SAFE_CTRLOUT_MODULE_NR, MD10393
$MN_SAFE_DRIVE_LOGIC_ADDRESS do not match, or the slot
that is addressed has the wrong length.
-- 27: Cam position MD36936 $MA_SAFE_CAM_POS_PLUS[n] or
MD36937 $MA_SAFE_CAM_POS_MINUS[n] has been para-
meterized too close to the modulo limit.
-- 28: ”Safe cams” have been enabled in MD36901
$MA_SAFE_FUNCTION_ENABLE in bits 8....15, while the ”Safe
cam track” function was enabled at the same time in MD36903
$MA_SAFE_CAM_ENABLE.
-- 29: Minus cam position MD36937 $MA_SAFE_CAM_POS_MI-
NUS[n] is greater than the plus cam position MD36963
$MA_SAFE_CAM_POS_PLUS[n]. This is not permitted for the ”safe
cam track” function.
-- 30: The distance between 2 cams on a cam track (MD36937
$MA_SAFE_CAM_POS_MINUS[n] and MD36936
$MA_SAFE_CAM_POS_PLUS[n]) is too short. (”Safe cam track”
function)
-- 31: The cam length, i.e. the distance between the plus cam position
(MD36936 $MA_SAFE_CAM_POS_PLUS[n]) and minus cam posi-
tion (MD36937 $MA_SAFE_CAM_POS_MINUS[n]) is too short.
(”Safe cam track” function)
-- 32: For at least 2 cams enabled in MD36903
$MA_SAFE_CAM_ENABLE, identical values have been entered
into MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n]. (”Safe cam
track” function)
-- 33: The value parameterized in MD36938
$MA_SAFE_CAM_TRACK_ASSIGN[n] for a cam enabled in
MD36903 $MA_SAFE_CAM_ENABLE is invalid. (”Safe cam track”
function)
-- 34: A cam track has been assigned more than 15 cams using
MD36938 $MA_SAFE_CAM_TRACK_ASSIGN[n]. (”Safe cam
track” function)
-- 35: The cam modulo functionality in MD36905 $MA_SAFE_MO-
DULO_RANGE is selected but is presently still not supported for the
”safe cam track” function.
-- 36: The parameterized monitoring clock cycle MD10091
$MN_INFO_SAFETY_CYCLE_TIME does not match the monitoring
clock cycle (p9500) parameterized in the drive monitoring channel.
-- 37: The velocity hysteresis n&lt;nx in MD36947
$MA_SAFE_VELO_X_HYSTERESIS is greater than half of the
velocity limit n&lt;nx in MD36947 $MA_SAFE_VELO_X.

© Siemens AG 2015 All Rights Reserved

10-690 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

-- 38: The velocity hysteresis n&lt;nx in MD36947

$MA_SAFE_VELO_X_HYSTERESIS is
less than or equal to 0.
-- 39: The velocity tolerance n&lt;nx in MD36947
$MA_SAFE_VELO_X_HYSTERESIS is less than the slip tolerance
in MD36949 $MA_SAFE_SLIP_VELO_TOL.
-- 40: An axis--specific SGE/SGA addresses the SPL interface outside
the scope enabled via the corresponding option.
-- 41: The total encoder resolution (combination of low and fine resolu-
tion in MD36918 $MA_SAFE_ENC_RESOL and MD36919
$MA_SAFE_PULSE_SHIFT) is not valid or exceeds the supported
actual value format.
-- 42: Simultaneously enabling the NC--controlled brake test and
drive--integrated brake test is not permitted.
-- 43: For an axis with safety functions the setpoint/actual value
assignment in MD30100 $MA_CTRLOUT_SEGMENT_NR was not
parameterized for a PROFIdrive drive. Enable
Reset SIC/SCC coupling (MD37950 $MA_SAFE_INFO_ENABLE)
or enable NC--controlled brake test (MD37000 $MA_FI-
XED_STOP_MODE).
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check and modify the MD named in the alarm text. Have the checksum
re--calculated. Safety functions should be subject to a new acceptance
test.
rProgram Switch--off – switch--on the control
continuation

27034 Parameterization of the MD %1[%2] invalid

Parameter %1 = MD name
%2 = MD field index for MD name
Explanation The parameterization of the specified machine data is incorrect. This
alarm occurs in conjunction with the following:
-- An invalid value was set for MD10094 $MN_SAFE_ALARM_SUP-
PRESS_LEVEL.
-- An invalid value was set for MD13343 $MN_SAFE_RDP_CONNEC-
TION_NR.
-- An invalid value was set for MD13333 $MN_SAFE_SDP_CONNEC-
TION_NR.
-- An invalid value was set for MD13307 $MN_PROFISAFE_IPO_RE-
SERVE.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-691
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Mode group not ready

Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check and correct the specified machine data.
rProgram Switch--off – switch--on the control
continuation

27035 Axis %1 new hardware component, confirmation and function test

required
Parameter %1 = axis name, spindle number
Explanation The IDs for the associated HW components (encoder, motor, module)
read out of the drive do not match the NCK parameterization.
In the commissioning phase (SPL commissioning mode active), instead
of the individual axis--specific checksum alarms (27032, 27035 and
27060), the axis--specific group alarm 27132 is displayed. MD10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL can be used to further
reduce the alarm display so that only one alarm is displayed for all axes
(global group alarm 27135).
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy If the alarm occurs while commissioning, then the following should be
done:
-- Acknowledge checksum MD36998 $MA_SAFE_ACT_CHECK-
SUM[1] (key switch setting 3 or password must be entered),
continue commissioning.
If the alarm occurs after the replacement of an encoder module or
DRIVE--CLiQ motor/encoder, then the following should be done:
-- In the Diagnostics operator area, acknowledge the hardware check-
sum in MD36998 $MA_SAFE_ACT_CHECKSUM[1] via softkey (key
switch setting 3 or password must be entered)
-- Re--calibration of the actual value encoder
-- Checking the SI actual value acquisition: Speeds, traversing direc-
tion, absolute position (if required, set the user agreement)
-- Document the new checksum value in MD36998
SAFE_ACT_CHECKSUM[1] and the last entry in the change history
in MD36993 SAFE_CONFIG_CHANGE_DATE[0]
-- Document the hardware and software version data of the new
component

© Siemens AG 2015 All Rights Reserved

10-692 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Program
r Switch control system off and on again.
continuation

27036 Axis %1 encoder parameterization MD %2[%3] was adapted

Parameter %1 = axis name, spindle number
%2 = MD name
%3 = MD field index for MD name
Explanation The encoder parameterization for the SI monitoring functions, read out
of the drive, does not match the NCK parameterization displayed in the
MD. The appropriate NCK--MD was adapted.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
In addition, a STOP F is initiated, that can result in the subsequent
Alarm 27001 with fault IDs 0, 27023 and 27024. Alarm 27001 with fault
ID 0 can be prevented using the alarm reduction (MD10094
$MA_SAFE_ALARM_SUPPRESS_LEVEL greater than or equal to 1).
Remedy Continue commissioning, correct checksums.
r
Program Switch control system OFF and ON again.
continuation

27037 Axis %1 and %2 with the same PROFIsafe address %3

Parameter %1 = axis name, spindle number
%2 = axis name, spindle number
%3 = PROFIsafe address
Explanation The PROFIsafe address read out from the drive is identical for these
two axes.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correctly set the PROFIsafe address of the drives.
r
Program Switch control system OFF and ON again.
continuation

27038 Axis %1 value %2 in drive parameter %3 violates the limits of NCK

MD %4
Parameter %1 = axis name, spindle number
%2 = value in the drive parameter
%3 = number of the drive parameter, e.g. R0979
%4 = name of the NCK machine data

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-693
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Explanation Values that violate the permissible value range or internal limits for
NCK machine data are supplied in a parameter from a Sinamics drive.
If several drive parameters are specified, the combination of specified
drive parameters is incorrect. In this case the result of the linking is
displayed as a value
The following causes are possible:

r0469: Resolution of the absolution position for linear absolute

encoder not valid or relationship between grid line and
measuring step not binary.
r0470: Number of valid bits of the redundant, rough position va-
lue incorrect.
r0471: Number of fine resolution bits of the redundant, rough
position value incorrect.
r0472: Number of relevant bits of the redundant, rough position
value incorrect or ”0”.
r0470/0471/0472: Slide factor for rough--position bits in finely resolved
actual value yields prohibited value (parameter values are
not compatible).
r0473: Number of safety--related measuring steps in position
value POS1 not valid.
r0474: A bit not recognized by the NCK is set. The alarm output
in this position can be hidden using the MD10096
$MN_SAFE_DIAGNOSIS_MASK, bit 3 = 1.
r0475: Number of the highest--value bit of the redundant coarse--
grained layer incorrect.
r0979: Error in encoder format in acc. with PROFIdrive
r9527: Encoder type not valid

Response Alarm display

Remedy Investigate, why in the specified drive parameter(s) an incorrect value
has been entered (e.g. for internal software errors in the drive, refer to
the drive documentation).
r
Program Switch control system OFF and ON again.
continuation

© Siemens AG 2015 All Rights Reserved

10-694 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27039 Axis %1 parameterization MD %2[%3] was changed, acknowledge

and acceptance required
Parameter %1 = axis name, spindle number
%2 = MD name
%3 = MD field index for MD name
Explanation The parameterization for the SI monitoring functions, read out of the
drive, does not match the NCK parameterization displayed in the MD.
The appropriate NCK--MD was adapted.
The following relationship exists between NCK MDs and drive para-
meters:
MD36969$ MA_SAFE_BRAKETEST_TORQUE_NORM corresponds
to p2003
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Continue commissioning, correct checksums.
When displaying MD36969 $MA_SAFE_BRAKETEST_TOR-
QUE_NORM:
Changes to p2003 must be taken into account when parameterizing
MD36969 $MA_SAFE_BRAKETEST_TORQUE. The holding torque to
be parameterized for the brake test must be reselected:
MD36969 $MA_SAFE_BRAKETEST_TORQUE = required test torque
of the brake / p2003 * 100
An acceptance test must then be performed to ensure that the brake
test functions correctly.
r
Program Switch control system OFF and ON again.
continuation

27040 Axis %1 wait for motor module

Parameter %1 = axis name, spindle number
Explanation Alarm when booting as long as the Motor Module is still not ready for
SI. When booting, communications to the Motor Module have still not
been established as the safety functions are still not available.
MD10094 $MN_SAFE_ALARM_SUPPRESS_LEVEL can be used to
set the alarm display so that only one alarm is displayed for all axes.
Response Alarm display
Interface signals are set
Remedy The alarm is continuously active when booting if the drive does not
communicate. Otherwise, the alarm is only briefly present and is then
automatically cleared again.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-695
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Possible causes for the alarm being permanently present:

-- The safety motion monitoring functions are only activated in
MD36901 $MA_SAFE_FUNCTION_ENABLE, however, not in the
corresponding parameter of the associated drive (p9501).
-- The assignment axis --> drive via MD36906
$MA_SAFE_CRTLOUT_MODULE_NR, MD10393
$MN_SAFE_DRIVE_LOGIC_ADDRESS or p0978 is incorrect.
-- PROFIBUS connector fallen out.
rProgram The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

27050 Axis %1 failure SI communication

Parameter %1 = axis name, spindle number
Explanation Communications with the drive for the Safety Integrated motion moni-
toring functions is additionally monitored. This monitoring function has
detected an error.
Response Alarm display
Interface signals are set
NC start disable in this channel
NC stop for alarm
In addition, a STOP F is initiated, that can result in the subsequent
Alarm 27001 with fault IDs 0, 27023 and 27024. Alarm 27001 with fault
ID 0 can be prevented using the alarm reduction (MD10094
$MA_SAFE_ALARM_SUPPRESS_LEVEL greater than or equal to 1).
Remedy Check the connections between the NCK and drive.
Check the configuring of the PROFIBUS telegram (e.g. SI slot con-
figured).
Check the assignment between the NCK SI axis and SI slot (MD36906
$MA_SAFE_CTRLOUT_MODULE_NR, MD10393
$MN_SAFE_DRIVE_LOGIC_ADDRESS).
Check the assignment of the telegram configuration for the slave OM
Check and ensure that the EMC Directives are complied with.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

27060 Axis %1 checksum error, drive assignment, acknowledgment and

acceptance test required!
Parameter %1 = axis name, spindle number

© Siemens AG 2015 All Rights Reserved

10-696 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Explanation The axis--specific MD $MA_SAFE... and MD10393

$MN_SAFE_DRIVE_LOGIC_ADDRESS are protected by a checksum.
The alarm indicates that the actual checksum no longer matches the
saved checksum, i.e. that either a piece of data was illegally changed
or is corrupt.
In the commissioning phase (SPL commissioning mode active), instead
of the individual axis--specific checksum alarms (27032, 27035 and
27060), the axis--specific group alarm 27132 is displayed. MD10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL can be used to further
reduce the alarm display so that only one alarm is displayed for all axes
(global group alarm 27135).
Response Alarm display
Interface signals are set
NC start disable in this channel
NC stop for alarm
Mode group not ready
Channel not ready
Remedy Check the machine data, recalculate the checksum and confirm.
Re--accept the safety functions (connections, NCK axis -- drive
encoder).
r
Program Switch--off – switch--on the control
continuation

27070 Checksum error parameterization SPL and SPL interfaces.

Confirmation and acceptance test required!
Explanation The NCK--MD to parameterize the SPL I/O and SPL functionality (also
including $MN_PROFISAFE..., MD133xx/134xx $MN_SAFE_SDP/
RDP...) are protected using a checksum. The alarm indicates that the
actual checksum no longer matches the saved checksum, i.e. that
either a piece of data was illegally changed or is corrupt.
Response Alarm display
Interface signals are set
NC start disable in this channel
NC stop for alarm
Mode group not ready
Channel not ready
Remedy Check the machine data, recalculate the checksum and confirm. Re--
accept the safety functions (PROFIsafe I/O, SPL I/O, FSEND/FRECV).
r
Program Switch--off – switch--on the control
continuation

27071 Checksum error safe SPL parameterization. Confirmation and

acceptance test required!
Explanation The NCK--MD13312 $MN_SAFE_SPL_USER_DATA is protected by a
checksum. The alarm indicates that the actual checksum no longer
matches the saved checksum, i.e. that either a piece of data was
illegally changed or is corrupt.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-697
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Alarm display

Interface signals are set
NC start disable in this channel
NC stop for alarm
Mode group not ready
Channel not ready
Remedy Check the machine data, recalculate the checksum and correct. Safety
functions should be subject to a new acceptance test.
rProgram Switch--off – switch--on the control
continuation

27072 Checksum error enable safe communication. Confirmation and

acceptance test required!
Explanation The NCK--MD to enable the SPL coupling (also including
MD13302/13303 $MN_PROFISAFE_IN/OUT_ENABLE_MASK,
MD13330/13340 $MN_SAFE_RDP/SDP_ENABLE_MASK) are pro-
tected by a checksum. The alarm indicates that the actual checksum
no longer matches the saved checksum, i.e. that either a piece of data
was illegally changed or is corrupt.
Response Alarm display
Interface signals are set
NC start disable in this channel
NC stop for alarm
Mode group not ready
Channel not ready
Remedy Check the machine data, recalculate the checksum and correct.
Re--accept the safety functions (PROFIsafe, FSEND/FRECV).
rProgram Switch--off – switch--on the control
continuation

27073 Checksum error S7--PROFIsafe configuration. Confirmation and

acceptance test required!
Explanation The F parameters required for PROFIsafe communication are pro-
tected by a checksum. The alarm indicates that the actual checksum
no longer matches the saved checksum, i.e. that either a piece of data
was illegally changed or is corrupt.
Response Alarm display
Interface signals are set
NC start disable in this channel
NC stop for alarm
Mode group not ready
Channel not ready
Remedy Check the PROFIsafe configuring on the S7 side, recalculate the
checksum and correct. Re--accept the safety functions (PROFIsafe
I/O).

© Siemens AG 2015 All Rights Reserved

10-698 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Program
r Switch--off – switch--on the control
continuation

27090 Error for crosswise data comparison NCK--PLC %1 [%2], NCK:

%3; %4<ALSI>
Parameter %1 = name of the system variable in which the error was detected
%2 = supplementary info, system variables -- field index
%3 = supplementary information, comparison value, NCK
%4 = supplementary information, crosswise data comparison -- field
index
Explanation For cyclic crosswise data comparison between the NCK and PLC
differences have occurred in the data that are being compared. Para-
meter %1 specifies the incorrect system variable ($A_INSI, $A_OUTSI,
$A_INSE, $A_OUTSE or $A_MARKERSI) with field index %2.
Special situations:
-- Display ”Error for crosswise Data comparison NCK--PLC,
$MN_PREVENT_SYNACT_LOCK[0], ...” means that the SPL
commissioning status is set differently in the NCK and PLC.
-- Display ”Error for crosswise Data comparison NCK--PLC,
$MN_SPL_STOP_MODE[0], ...” means that the SPL stop response
(Stop D or E) is set differently in the NCK and PLC.
-- Display ”Error for crosswise data comparison NCK--PLC, TI-
MEOUT[0], NCK: 0” means that there is a communication error
between NCK and PLC, and no crosswise data comparison can be
performed.
-- Display ”Error for crosswise data comparison NCK--PLC,
$MN_SAFE_SPL_USER_DATA[n], ...” means that the user data are
set differently in the NCK and PLC.
-- Display ”Error for crosswise Data comparison NCK--PLC,
$A_FRDP_SUBS[n], $A_FRDP_ERR_REAC[n], ...” means that the
specified system variables are different in the NCK and PLC.
Using parameter %4, a specific alarm message can be configured on
the HMI for each of the listed system variables:
-- 0: Error SPL commissioning status ($MN_PREVENT_SYN--
ACT_LOCK[0,1] -- SPL_READY)
-- 0: Error, SPL stop response
($MN_SAFE_SPL_STOP_MODE -- STOP E)
-- 0: Error, SPL user data
($MN_SAFE_SPL_USER_DATA -- SafeUserData)
-- 0: Error FSENDDP error response ($A_FSDP_ERR_REAC[n] --
FSDP_ERR_REAC
-- 0: Error FRECVDP error response ($A_FRDP_ERR_REAC[n] --
FRDP_ERR_REAC
-- 0: Error FRECVDP substitute values ($A_FRDP_SUBS[n] --
FRDP_SUBS
-- 1...64: Error in system variables $A_INSE[1...64]
-- 65...128: Error in system variables $A_OUTSE[1...64]
-- 129...192: Error in system variables $A_INSI[1...64]
-- 193...256: Error in system variables $A_OUTSI[1...64]

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-699
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

-- 257...320: Error in system variables $A_MARKERSI[1...64]

-- 321...448: Error in system variables $A_INSE[65...192]
-- 449...576: Error in system variables $A_OUTSE[65...192]
-- 577...704: Error in system variables $A_INSI[65...192]
-- 705...832: Error in system variables $A_OUTSI[65...192]
-- 833...960: Error in system variables $A_MARKERSI[65...192]
Response Alarm display
A STOP D/E is initiated (this can be set using MD10097
$MN_SPL_STOP_MODE) on all of the axes with safety functionality if
the SPL commissioning phase (MD11500 $MN_PREVENT_SYN-
ACT_LOCK[0,1] not equal to 0) has been completed.
Remedy Analyze the displayed value and evaluate DB18: SPL_DELTA on the
PLC side.
Find the difference between the monitoring channels.
Possible causes:
-- Incorrect wiring
-- Incorrect SPL
-- The axis--specific SGEs have been incorrectly assigned to the
internal interface $A_OUTSI
-- The axis--specific SGAs have been incorrectly assigned to the
internal interface $A_INSI
-- The SPL--SGEs have been incorrectly assigned to the external
interface $A_INSE
-- The SPL--SGAs have been incorrectly assigned to the external
interface $A_OUTSE
-- Different SPL commissioning status has been set in the NCK and
PLC
-- Different SPL stop response has been set in the NCK and PLC
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

27091 Error for crosswise data comparison, NCK--PLC, STOP of %1

Parameter %1 = supplementary information about the monitoring channel that has
initiated the stop
Explanation The monitoring channel specified in %1 (NCK or PLC) has initiated a
STOP D or E (depending on the parameterization in MD10097
$MN_SAFE_SPL_STOP_MODE). Alarm 27090 provides additional
information about the reason for the Stop D/E.
Response Alarm display
A STOP D/E is initiated (this can be set using MD10097
$MN_SPL_STOP_MODE) on all of the axes with safety functionality if
the SPL commissioning phase (MD11500 $MN_PREVENT_SYN-
ACT_LOCK[0,1] not equal to 0) has been completed.
Remedy Evaluate the alarm parameters of Alarm 27090 and correct the SPL, or
check the internal SPL interfaces to the safety monitoring channels in
the NCK and drive.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

© Siemens AG 2015 All Rights Reserved

10-700 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27092 Communication interrupted for crosswise data comparisonNCK--

PLC, error detected by %1
Parameter %1 = supplementary information about the detecting monitoring
channel
Explanation In the monitoring channel (NCK or PLC) specified in the alarm text, the
delay stage (1 s) for communication monitoring has been exceeded.
The other monitoring channel did not send new data within this time.
Response Alarm display
A timer of 5 s is started -- after it has expired
-- The external NCK--SPL outputs are deleted (cleared)
-- The PLC goes to stop.
Remedy Do not start the SPL anymore. Check the system components (PLC
must have the correct version of FB15 and have DB18).
Program
r Switch--off – switch--on the control
continuation

27093 Checksum error NCK--SPL, %1, %2, %3

Parameter %1 = supplementary information about the type of error
%2 = supplementary information about the reference size
%3 = supplementary information about the current size
Explanation The checksum error in the NCK SPL. The file
/_N_CST_DIR/_N_SAFE_SPF was subsequently modified.
The safe programmable logic (SPL) in the NCK may be corrupted.
Parameter %1 provides further information about the type of change:
%1 = FILE_LENGTH: The file length has changed.
%1 = FILE_CONTENT: The file contents have changed.
%1 = FILE_PROTECT: The access rights to the file are restricted and
have been violated as the SPL commissioning phase has been exited.
%2 specifies the variable calculated as the reference (file length,
checksum over file contents),
%3 specifies the current size calculated cyclically.
Response Alarm display
Remedy Check the file and when the file was last changed. Reload the original
file and start the monitoring system again with a power on.
r
Program Switch--off – switch--on the control
continuation

27095 %1 SPL protection not activated

Parameter %1 = name of the component for which the protection is not activated
(NCK or PLC)
Explanation The protective mechanisms for the SPL have not been activated. The
commissioning phase of the SPL has not yet been completed. For an
error in the crosswise data comparison between NCK and PLC, a stop
response (Stop D or E) is not initiated.
Response Alarm display

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-701
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Remedy Remedy for NCK: Activate the protective mechanisms by writing to

MD11500 $MN_PREVENT_SYNACT_LOCK [0,1]. The number range
of the synchronous action IDs used in the SPL must be entered in this
MD.
Remedy for the PLC: Activate the protective mechanisms by setting the
appropriate data bit in DB18.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

27096 SPL start not permitted

Explanation To start the SPL in the protected state (MD11500 $MN_PRE-
VENT_SYNACT_LOCK[0,1] not equal to 0), at least one axis must
have Safety Integrated functionality activated (via MD36901
$MA_SAFE_FUNCTION_ENABLE) beforehand, and operated with
active drive.
In addition, at least one SGE/SGA of this axis must have been para-
meterized at an SPL interface. Without this functionality it is only
possible to operate the SPL in the commissioning state.
Response Mode group not ready
Channel not ready
NC start disable in this channel
NC stop for alarm
Alarm display
Interface signals are set
Remedy SPL protection withdrawn via MD11500 $MN_PREVENT_SYN-
ACT_LOCK[0,1] or
-- Commissioning of the axis--specific Safety Integrated functionality
and
-- Parameterization of at least one SGE/SGA at an SPL interface and
-- Activation of the associated drive object
r
Program Switch--off – switch--on the control
continuation

27097 SPL not started

Explanation After the time defined in MD13310 SAFE_SPL_START_TIMEOUT
expired, the SPL had not started.
This alarm can be suppressed using MD10096 $MN_SAFE_DIAGNO-
SIS_MASK, bit 1 = 1.
Response Alarm display

© Siemens AG 2015 All Rights Reserved

10-702 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy Find the reason why SPL did not start. Possible causes could be:
-- There is either an NC or drive fault (e.g. after replacing an encoder,
Emergency Stop, PROFIsafe alarms)
-- There is a syntax error in the SPL itself
-- A safety alarm is present (e.g. ”safe end position exceeded”)
-- At PROG_EVENT start, the name or path of the SPL was not
correctly written to; observe upper and lower case letters
-- Simultaneous start of an ASUB and PROG_EVENT, parameterizing
MD11602 (stop reasons, read--in inhibit)
-- Problems when calling FB4/FC9
r
Program Switch--off – switch--on the control
continuation

27098 SPL commissioning phase completed

Explanation The SPL commissioning phase was just ended by changing MD11500
$MN_PREVENT_SYNACT_LOCK.
The /_N_CST_DIR/_N_SAFE_SPF is, from the next power on, subject
to the monitoring mechanisms defined for the SPL (access protection,
checksum calculation).
Changes to SPL can only be made in the unprotected state.
Response Alarm display
Remedy Carry out a power on for the control.
Check and monitor the changes of the logic in the SPL using an
acceptance test.
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

27099 Double assignment in the SPL assignment MD %1[%2] --

MD %3[%4]
Parameter %1 = MD name 1
%2 = MD field index for MD name 1
%3 = MD name 2
%4 = MD field index for MD name 2
Explanation SPL inputs ($A_INSE) have been assigned twice by various applica-
tions in the displayed machine data. These can be:
-- PROFIsafe communication
-- F_DP communication

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-703
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Possibly involved machine data:

%1 and %3:
-- MD10388 $MN_PROFISAFE_IN_ASSIGN
-- MD13346 $MN_SAFE_RDP_ASSIGN
Response Alarm display
Remedy Correct the displayed MD.
Program
r Switch control system OFF and ON again.
continuation

27100 At least one axis is not safely referenced

Explanation There are two reasons for this alarm:
-- the machine position of at least one of the axes monitored with SI
has not been acknowledged by the user or
-- the machine position of at least one of the axes monitored with SI
has still not been verified by subsequent referencing
Even if the axis is already referenced there is no acknowledgment that
referencing has supplied the correct result. For example, incorrect
results can occur if the axis was moved after the control was powered--
down -- with the result that the stop position saved prior to powering--
down is no longer correct.
To ensure that this does not happen, the user must acknowledge the
displayed actual position after the first referencing operation.
When the user agreement has been set for the first time, the axis must
be subsequently referenced each time that the control is booted (when
absolute encoders are used, this subsequent referencing is automati-
cally executed). This procedure is carried out to verify the stop position
saved prior to powering--down the control.
The alarm display can be set in MD10094 $MN_SAFE_ALARM_SUP-
PRESS_LEVEL (MD < 3) in such a way that incorrect referencing is
displayed separately for each axis.
Response Alarm display
The SGA ”axis safely referenced” is not set. SE is disabled if the safe
actual position has not yet been acknowledged by the user agreement.
If the user agreement is set, SE remains active. The safe cams are
calculated and output, but their significance is limited because
referencing has not been acknowledged.
Remedy Move all of the SI axes to the known positions and change into the
”Referencing” mode. Check the positions on the machine displayed in
the user agreement screen and set the ”User agreement” using the
selection/toggle key.
If the user agreement has already been set for the axis, then re--
reference the axes. The user agreement can only be changed in key--
actuated switch setting 3 or after entering a password.
r
Program The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

© Siemens AG 2015 All Rights Reserved

10-704 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27101 Axis %1, difference in safe operating stop function, NCK: %2,
drive: %3
Parameter %1 = axis name, spindle number
%2 = monitoring status, safe operating stop
%3 = monitoring status, safe operating stop
Explanation In the crosswise data comparison of result list 1 between the NCK and
drive monitoring channels, a difference was detected in the state of the
safe operating stop monitoring.
Safe operating stop: Bits 0,1 in result list 1
Displayed monitoring status (NCK/drive (%2, %3)): 27102, 27103,
27104, 27105
Displayed monitoring status (NCK/drive (%3, %4)): 27106, 27107
Displayed monitoring status (NCK/drive (%2, %3)):
-- OFF = monitoring inactive in this monitoring channel
-- OK = monitoring active in this monitoring channel, limit values not
violated
-- L+ = monitoring active in this monitoring channel, upper limit value
violated
-- L-- = monitoring active in this monitoring channel, lower limit value
violated
Response Alarm display
NC start disable in this channel
A STOP F was initiated. If a safety monitoring function was active, then
a STOP B was also automatically initiated. It is then necessary to
power--down the control and power it up again (power on).
Remedy Check that the safe inputs in both monitoring channels have switched
into the same state within the permissible time tolerance.
For further diagnostics refer to the drive parameters r9710[0], r9710[1]
and the servo--trace signals ”result list 1 NCK” and ”result list 1 drive”.
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

27102 Axis %1, difference in safely reduced speed function %2, NCK:
%3, drive: %4
Parameter %1 = axis name, spindle number
%2 = SG stage for which the difference was detected
%3 = monitoring status, safely reduced speed
%4 = monitoring status, safely reduced speed
Explanation In the crosswise data comparison of result list 1 between the NCK and
drive monitoring channels, a difference in the monitoring state of the
safely reduced speed monitoring was detected.
-- Safely reduced speed 1: Bits 6, 7 in result list 1
-- Safely reduced speed 2: Bits 8, 9 in result list 1
-- Safely reduced speed 3: Bits 10, 11 in result list 1
-- Safely reduced speed 4: Bits 12, 13 in result list 1
Displayed monitoring status (NCK/drive (%3, %4)):
-- OFF = monitoring inactive in this monitoring channel

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-705
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

-- OK = monitoring active in this monitoring channel, limit values not

violated
-- L+ = monitoring active in this monitoring channel, upper limit value
violated
-- L-- = monitoring active in this monitoring channel, lower limit value
violated
Response Alarm display
NC start disable in this channel
A STOP F was initiated. If a safety monitoring function was active, then
a STOP B was also automatically initiated. It is then necessary to
power--down the control and power it up again (power on).
Remedy Check that the safe inputs in both monitoring channels have switched
into the same state within the permissible time tolerance.
For further diagnostics refer to the drive parameters r9710[0], r9710[1]
and the servo--trace signals ”result list 1 NCK” and ”result list 1 drive”.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

27103 Axis %1, difference in safe limit position function %2, NCK: %3,
drive: %4
Parameter %1 = axis name, spindle number
%2 = number of the SE limit
%3 = monitoring status, safe limit position
%4 = monitoring status, safe limit position
Explanation In the crosswise data comparison of result list 1 between the NCK and
drive monitoring channels, a difference was detected in the monitoring
state of the safe limit position monitoring.
-- Safe limit position 1: Bits 2, 3 in result list 1
-- Safe limit position 2: Bits 4, 5 in result list 1
Displayed monitoring status (NCK/drive (%3, %4)):
-- OFF = monitoring inactive in this monitoring channel
-- OK = monitoring active in this monitoring channel, limit values not
violated
-- L+ = monitoring active in this monitoring channel, upper limit value
violated
-- L-- = monitoring active in this monitoring channel, lower limit value
violated
Response Alarm display
NC start disable in this channel
A STOP F was initiated. If a safety monitoring function was active, then
a STOP B was also automatically initiated. It is then necessary to
power--down/power--up the control (power on).
Remedy Check that the safe inputs in both monitoring channels have switched
into the same state within the permissible time tolerance.
For further diagnostics refer to the drive parameters r9710[0], r9710[1]
and the servo--trace signals ”result list 1 NCK” and ”result list 1 drive”.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

© Siemens AG 2015 All Rights Reserved

10-706 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27104 Axis %1, difference in safe cam plus function %2, NCK: %3,
drive: %4
Parameter %1 = axis name, spindle number
%2 = number of the cam
%3 = monitoring status, safe cam plus
%4 = monitoring status, safe cam plus
Explanation In the crosswise comparison of result list 2 (”Safe cams” function) or
result list 3/4/5/6/7 (”Safe cam track” function) a difference was
identified between the NCK and drive monitoring channels in the
monitoring state of the safe cam plus monitoring function.
The following applies to the ”Safe cams” function:
Safe cam 1+: Bits 0, 1 in result list 2
Safe cam 2+: Bits 4, 5 in result list 2
Safe cam 3+: Bits 8, 9 in result list 2
Safe cam 4+: Bits 12, 13 in result list 2

The following applies to the ”Safe cam track” function:

(each of the result lists 3--7 includes 6 cam results)
Safe cam 1+: Bits 0, 1 in result list 3
Safe cam 2+: Bits 4, 5 in result list 3
Safe cam 3+: Bits 8, 9 in result list 3
Safe cam 4+: Bits 12, 13 in result list 3
Safe cam 5+: Bits 16, 17 in result list 3
Safe cam 6+: Bits 20, 21 in result list 3

Safe cam 7+: Bits 0, 1 in result list 4

Safe cam 8+: Bits 4, 5 in result list 4
Safe cam 9+: Bits 8, 9 in result list 4
Safe cam 10+: Bits 12, 13 in result list 4
Safe cam 11+: Bits 16, 17 in result list 4
Safe cam 12+: Bits 20, 21 in result list 4

Safe cam 13+: Bits 0, 1 in result list 5

Safe cam 14+: Bits 4, 5 in result list 5
Safe cam 15+: Bits 8, 9 in result list 5
Safe cam 16+: Bits 12, 13 in result list 5
Safe cam 17+: Bits 16, 17 in result list 5
Safe cam 18+: Bits 20, 21 in result list 5

Safe cam 19+: Bits 0, 1 in result list 6

Safe cam 20+: Bits 4, 5 in result list 6
Safe cam 21+: Bits 8, 9 in result list 6
Safe cam 22+: Bits 12, 13 in result list 6
Safe cam 23+: Bits 16, 17 in result list 6
Safe cam 24+: Bits 20, 21 in result list 6

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-707
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Safe cam 25+: Bits 0, 1 in result list 7

Safe cam 26+: Bits 4, 5 in result list 7
Safe cam 27+: Bits 8, 9 in result list 7
Safe cam 28+: Bits 12, 13 in result list 7
Safe cam 29+: Bits 16, 17 in result list 7
Safe cam 30+: Bits 20, 21 in result list 7

Displayed monitoring status (NCK/drive (%3, %4)):

-- OFF = monitoring inactive in this monitoring channel
-- OK = monitoring active in this monitoring channel, limit values not
violated
-- L+ = monitoring active in this monitoring channel, upper limit value
violated
-- L-- = monitoring active in this monitoring channel, lower limit value
violated
Response Alarm display
NC start disable in this channel
A STOP F was initiated. If a safety monitoring function was active, then
a STOP B was also automatically initiated. It is then necessary to
power--down/power--up the control (power on).
Remedy Drive parameters r9711[0,1] (diagnostics, result list 2 [NCK, drive]) or
r9735[0,1] / r9736[0,1] / r9737[0,1] /r9738[0,1] / r9739[0,1] (diagnostics,
result list 3/4/5/6/7 [NCK, drive]) can be used for further diagnostics.
Further, diagnostics is possible using the servo trace signals ”Result list
2/3/4/5/6/7 NCK” and ”Result list 2/3/4/5/6/7 drive”.
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

27105 Axis %1, difference in safe cam minus function %2, NCK: %3,
drive: %4
Parameter %1 = axis name, spindle number
%2 = number of the cam
%3 = monitoring status, safe cam minus
%4 = monitoring status, safe cam minus
Explanation In the crosswise comparison of result list 2 (”Safe cams” function) or
result list 3/4/5/6/7 (”Safe cam track” function) a difference was
identified between the NCK and drive monitoring channels in the
monitoring state of the safe cam minus monitoring function.
The following applies to the ”Safe cams” function:
Safe cam 1--: Bits 2, 3 in result list 2
Safe cam 2--: Bits 6, 7 in result list 2
Safe cam 3--: Bits 10, 11 in result list 2
Safe cam 4--: Bits 14, 15 in result list 2

© Siemens AG 2015 All Rights Reserved

10-708 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

The following applies to the ”Safe cam track” function:

(each of the result lists 3--7 includes 6 cam results)
Safe cam 1--: Bits 2, 3 in result list 3
Safe cam 2--: Bits 6, 7 in result list 3
Safe cam 3--: Bits 10, 11 in result list 3
Safe cam 4--: Bits 14, 15 in result list 3
Safe cam 5--: Bits 18, 19 in result list 3
Safe cam 6--: Bits 22, 23 in result list 3

Safe cam 7--: Bits 2, 3 in result list 4

Safe cam 8--: Bits 6, 7 in result list 4
Safe cam 9--: Bits 10, 11 in result list 4
Safe cam 10--: Bits 14, 15 in result list 4
Safe cam 11--: Bits 18, 19 in result list 4
Safe cam 12--: Bits 22, 23 in result list 4

Safe cam 13--: Bits 2, 3 in result list 5

Safe cam 14--: Bits 6, 7 in result list 5
Safe cam 15--: Bits 10, 11 in result list 5
Safe cam 16--: Bits 14, 15 in result list 5
Safe cam 17--: Bits 18, 19 in result list 5
Safe cam 18--: Bits 22, 23 in result list 5

Safe cam 19--: Bits 2, 3 in result list 6

Safe cam 20--: Bits 6, 7 in result list 6
Safe cam 21--: Bits 10, 11 in result list 6
Safe cam 22--: Bits 14, 15 in result list 6
Safe cam 23--: Bits 18, 19 in result list 6
Safe cam 24--: Bits 22, 23 in result list 6

Safe cam 25--: Bits 2, 3 in result list 7

Safe cam 26--: Bits 6, 7 in result list 7
Safe cam 27--: Bits 10, 11 in result list 7
Safe cam 28--: Bits 14, 15 in result list 7
Safe cam 29--: Bits 18, 19 in result list 7
Safe cam 30--: Bits 22, 23 in result list 7

Displayed monitoring status (NCK/drive (%3, %4)):

-- OFF = monitoring inactive in this monitoring channel
-- OK = monitoring active in this monitoring channel, limit values not
violated
-- L+ = monitoring active in this monitoring channel, upper limit value
violated
-- L-- = monitoring active in this monitoring channel, lower limit value
violated

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-709
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Alarm display

NC start disable in this channel
A STOP F was initiated. If a safety monitoring function was active, then
a STOP B was also automatically initiated. It is then necessary to
power--down/power--up the control (power on).
Remedy Drive parameters r9711[0,1] (diagnostics, result list 2 [NCK, drive]) or
r9735[0,1] / r9736[0,1] / r9737[0,1] /r9738[0,1] / r9739[0,1] (diagnostics,
result list 3/4/5/6/7 [NCK, drive]) can be used for further diagnostics.
Program
r Clear the alarm with the RESET key. Restart the part program.
continuation

27106 Axis %1, difference for function safely reduced speed nx, NCK:
%2, drive: %3
Parameter %1 = axis name, spindle number
%2 = monitoring status, safely reduced speed nx
%3 = monitoring status, safely reduced speed nx
Explanation In the crosswise data comparison of result list 2 between the NCK and
drive monitoring channels, a difference in the monitoring state of the
safely reduced speed monitoring nxwas detected.
-- Safely reduced speed nx+: Bits 16, 17 in result list 2
-- Safely reduced speed nx --: Bits 18, 19 in result list 2
Displayed monitoring status (NCK/drive (%2, %3)):
-- OFF = monitoring inactive in this monitoring channel
-- OK = monitoring active in this monitoring channel, limit values not
violated
-- L+ = monitoring active in this monitoring channel, upper limit value
violated
-- L-- = monitoring active in this monitoring channel, lower limit value
violated
Response Alarm display
NC start disable in this channel
A STOP F was initiated. If a safety monitoring function was active, then
a STOP B was also automatically initiated. It is then necessary to
power--down/power--up the control (power on).
Remedy For further diagnostics refer to the drive parameters r9711[0], r9711[1]
and the servo--trace signals ”result list 2 NCK” and ”result list 2 drive”.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

© Siemens AG 2015 All Rights Reserved

10-710 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27107 Axis %1, difference in cam modulo monitoringfunction, NCK:

%2, drive: %3
Parameter %1 = axis name, spindle number
%2 = monitoring status, safe cam modulo range
%3 = monitoring status, safe cam modulo range
Explanation In the crosswise data comparison of result list 2 between the NCK and
drive monitoring channels, a difference was detected in the monitoring
status of the cam modulo range monitoring. Safe cam modulo range:
Bits 20, 21 in result list 2
Displayed monitoring status (NCK/drive (%2, %3)):
-- OFF = monitoring inactive in this monitoring channel
-- OK = monitoring active in this monitoring channel, limit values not
violated
-- L+ = monitoring active in this monitoring channel, upper limit value
violated
-- L-- = monitoring active in this monitoring channel, lower limit value
violated
Response Alarm display
NC start disable in this channel
A STOP F was initiated. If a safety monitoring function was active, then
a STOP B was also automatically initiated. It is then necessary to
power--down/power--up the control (power on).
Remedy For further diagnostics refer to the drive parameters r9711[0], r9711[1]
and the servo--trace signals ”result list 2 NCK” and ”result list 2 drive”.
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

27110 Axis %1 data transfer error, index %2

Parameter %1 = axis name, spindle number
%2 = index in the crosswise data comparison
Explanation Communication errors between the NCK and drive have meant that for
three times in a row, the crosswise data comparison of the data with
the specified index was not able to be carried out.
Response Alarm display
In addition, a STOP F is initiated, that can result in the subsequent
Alarm 27001 with fault IDs 0, 27023 and 27024. Alarm 27001 with fault
ID 0 can be prevented using the alarm reduction (MD10094
$MA_SAFE_ALARM_SUPPRESS_LEVEL greater than or equal to 1).
Remedy Check the connections between the NCK and drive
Check the configuring of the PROFIBUS telegram (e.g. SI slot
configured).
Check the assignment between the NCK SI axis and SI slot (MD36906
$MA_SAFE_CTRLOUT_MODULE_NR, MD10393
$MN_SAFE_DRIVE_LOGIC_ADDRESS).
Check the assignment of the telegram configuration for the slave OM.
Check and ensure that the EMC conditions are complied with.
Replace the hardware

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-711
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Program
r Clear the alarm with the RESET key. Restart the part program.
continuation

27111 Axis %1 encoder evaluation error of the safe actual value

Parameter %1 = axis name, spindle number
Explanation The redundantly determined safety--related actual value does not
match the actual value -- with fine resolution -- of the same encoder.
Response Alarm display
In addition, a STOP F is initiated, that can result in the subsequent
Alarm 27001 with fault IDs 0, 27023 and 27024. Alarm 27001 with fault
ID 0 can be prevented using the alarm reduction (MD10094
$MA_SAFE_ALARM_SUPPRESS_LEVEL greater than or equal to 1).
Remedy Check the encoder mounting
Check the encoder parameterization
Check NCK_MD(MD36916 $MA_SAFE_ENC_IS_LINEAR, $MD36917
$MA_SAFE_ENC_GRID_POINT_DIST, MD36918
$MA_SAFE_ENC_RESOL and the drive parameter field r0979)
For DRIVE--CLiQ encoders, also check NCK--MD36924
$MA_SAFE_ENC_NUM_BITS, MD36929 $MA_SAFE_ENC_CONF
and drive parameter r047x
For DRIVE--CLiQ linear encoders, additionally check NCK--MD36909
$MA_SAFE_ENC_MEAS_STEPS_RESOL and MD36913
$MA_SAFE_ENC_MEAS_STEPS_POS and drive parameter r0469 /
r0473
Check and ensure that the EMC conditions are complied with.
Replace the hardware
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

© Siemens AG 2015 All Rights Reserved

10-712 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27112 Axis %1 CRC error of the safe actual value

Parameter %1 = axis name, spindle number
Explanation When checking the data consistency of the safe actual value (CRC), an
error was detected.
Possible causes for the alarm being permanently present:
-- The NCK monitoring channel for safety motion monitoring does not
communicate with the monitoring channel of the assigned drive, but
that of another axis.
-- Error in the encoder parameterization
-- Incorrect encoder evaluation type
-- Communication errors between the NCK and drive
Response Alarm display
In addition, a STOP F is initiated, that can result in the subsequent
Alarm 27001 with fault IDs 0, 27023 and 27024. Alarm 27001 with fault
ID 0 can be prevented using the alarm reduction (MD10094
$MA_SAFE_ALARM_SUPPRESS_LEVEL greater than or equal to 1).
Remedy Check the assignment of the drive via HW Config, MD36906
$MA_SAFE_CTRLOUT_MODULE_NR, MD10393
$MN_SAFE_DRIVE_LOGIC_ADDRESS and p0978 for correctness.
Check the encoder mounting
Check the encoder parameterization
Check NCK--MD (MD36916 $MA_SAFE_ENC_IS_LINEAR, MD36917
$MA_SAFE_ENC_GRID_POINT_DIST, MD36909
$MA_SAFE_ENC_RESOL) and the drive parameter field r0979
For DRIVE--CLiQ encoders: Check NCK--MD (MD36924
$MA_SAFE_ENC_NUM_BITS, MD36929 $MA_SAFE_ENC_CONF)
and drive parameter r047x.
For DRIVE--CLiQ linear encoders, also check NCK--MD MD36909
$MA_SAFE_ENC_MEAS_STEPS_RESOL and MD36913
$MA_SAFE_ENC_MEAS_STEPS_POS and drive parameter r0469 /
r0473.
Check whether the encoder evaluation was replaced (SMI, SMC, SME)
Check whether the encoder evaluation type was exchanged (SMx,
DRIVE--CLiQ encoder).
Check the encoder ID in MD$MA_SAFE_ENC_IDENT
Check and ensure that the EMC conditions are complied with.
Replace the hardware
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-713
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27113 Axis %1 hardware encoder fault of the safety--related actual value

Parameter %1 = axis name, spindle number
Explanation The encoder evaluation signals a hardware fault.
The following causes are possible:
-- Dirty optical encoder evaluation
-- Signal transfer problems
-- Missing encoder number after replacing the encoder (involves
encoders with serial number, built--in motors or third--party motors)
Response Alarm display
In addition, a STOP F is initiated, that can result in the subsequent
Alarm 27001 with fault IDs 0, 27023 and 27024. Alarm 27001 with fault
ID 0 can be prevented using the alarm reduction (MD10094
$MA_SAFE_ALARM_SUPPRESS_LEVEL greater than or equal to 1).
Remedy After adjusting the encoder, initiate that the encoder serial number is
transferred (only applicable for absolute encoders).
Check and ensure that the EMC conditions are complied with.
Replace the encoder hardware
rProgram Clear the alarm with the RESET key. Restart the part program.
continuation

27124 Stop A initiated for at least one axis

Explanation This alarm only indicates that Stop A has been initiated in at least one
axis and power on is required to acknowledge the alarm. This alarm is
output if the alarm priority function was activated in MD10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL.
Response Alarm display
Interface signals are set
”Pulse cancellation” is initiated for the axis involved.
Remedy Locate the cause of the error by evaluating additional alarm messages
r
Program Switch--off – switch--on the control
continuation

27132 Axis %1 checksum group error safe monitoring. Confirmation and

acceptance test required!
Parameter %1 = axis name, spindle number
Explanation A checksum protects the relevant MD to parameterize the axis--specific
safety functionality. The alarm indicates that at least one of the axis--
specific checksums no longer matches the saved checksum, i.e. that
either a data item was illegally changed or is corrupt.
This alarm is displayed during the commissioning phase (SPL--commis-
sioning mode active) as axis--specific group alarm for checksums
alarms 27032, 27035 and 27060. MD10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL can be used to further
reduce the alarm display so that only one alarm is displayed for all axes
(global group alarm 27135).

© Siemens AG 2015 All Rights Reserved

10-714 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Response Alarm display

Interface signals are set
Mode group not ready
Channel not ready
NC start disable in this channel
NC stop for alarm
Remedy Check MD Have the checksum re--calculated. Check the hardware
components and drive assignment. Safety functions (motion monitoring
functions) should be subject to a new acceptance test.
r
Program Switch--off – switch--on the control
continuation

27135 Checksum group error safe monitoring on at least one axis.

Confirmation and acceptance test required!
Explanation A checksum protects the relevant MD to parameterize the axis--specific
safety functionality. The alarm indicates that at least on one axis, at
least one of the axis--specific checksums no longer matches the saved
checksum, i.e. that a data item was illegally changed or is corrupt.
This alarm is displayed during the commissioning phase (SPL--commis-
sioning mode active) as global group alarm for the axis--specific check-
sum alarm 27132. This alarm reduction is parameterized in MD10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL (100 position set).
Response Alarm display
Interface signals are set
Mode group not ready
Channel not ready
NC start disable in this channel
NC stop for alarm
Remedy Check MD Have the checksum re--calculated and confirm. Check the
hardware components and drive assignment. Safety functions (motion
monitoring functions) should be subject to a new acceptance test.
rProgram Switch--off – switch--on the control
continuation

27140 Wait for Motor Module for at least one axis

Explanation Alarm when booting as long as the Motor Module of at least one axis is
still not ready for SI. When booting, communications to the Motor
Module have still not been established as the safety functions for at
least one axis are still not available.
The alarm display can be set in MD10094 $MN_SAFE_ALARM_SUP-
PRESS_LEVEL (MD < 3) in such a way that it can be individually dis-
played as to whether communications have already been established
for each axis.
The alarm is continuously active when booting if at least one drive does
not communicate. Otherwise, the alarm is only briefly present and is
then automatically cleared again.
Possible causes for the alarm being permanently present:

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-715
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

-- The safety motion monitoring functions are only activated in

MD36901 $MA_SAFE_FUNCTION_ENABLE, however, not in the
corresponding parameter of the associated drive (p9501).
-- The axis --> drive assignment via MD36906
$MA_SAFE_CTRLOUT_MODULE_NR, 10393
$MN_SAFE_DRIVE_LOGIC_ADDRESS or p0978 is incorrect
-- PROFIBUS connector fallen out.
Response Alarm display
Interface signals are set
Remedy Check that parameter p9501 or the assignment of the drives via
MD36906 $MA_SAFE_CTRLOUT_MODULE_NR, MD10393
$MN_SAFE_DRIVE_LOGIC_ADDRESS, p0978 is correct.
r
Program The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

27200 PROFIsafe: cycle time %1 [ms] is too long

Parameter %1 = parameterized cycle time
Explanation The PROFIsafe communication cycle time resulting from MD10098
$MN_PROFISAFE_IPO_TIME_RATIO and MD10071 $MN_IPO_CY-
CLE_TIME exceeds the permissible limit value of 25 ms.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the cycle time using MD10098 $MN_PROFI-
SAFE_IPO_TIME_RATIO or reduce the IPO cycle.
Program
r The alarm is initiated when booting if parameterized too long.
continuation No program can be started. Only clear the alarm with POWER ON.

27201 PROFIsafe: MD %1[%2]: Bus segment %3 error

Parameter %1 = MD name
%2 = MD field index
%3 = parameterized bus segment
Explanation An incorrect bus segment was entered in the specified machine data.
The value must be 5.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the specified MD.

© Siemens AG 2015 All Rights Reserved

10-716 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Program
r The alarm is initiated when booting. No program can be started. Only
continuation clear the alarm with POWER ON.

27202 PROFIsafe: MD %1[%2]: Address %3 error

Parameter %1 = MD name
%2 = MD field index
%3 = parameterized PROFIsafe address
Explanation The PROFIsafe address, parameterized in the specified MD is
incorrect. The value must be greater than 0.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the MD.
r
Program The alarm is initiated when booting. No program can be started. Only
continuation clear the alarm with POWER ON.

27203 PROFIsafe: MD %1[%2]: Incorrect SPL assignment

Parameter %1 = MD name
%2 = MD field index
Explanation The SPL coupling in the displayed MD is incorrect. Possible causes:
-- Bit value greater than in the definition of the SPL interface (bit value
>maximum bit value)
-- Number of bits higher than the number of bits per slot (upper bit
value -- lower bit value > 32)
-- Number of bits too high for this PROFIsafe module (upper bit value
-- lower bit value + 1> 8)
-- No SPL assignment was parameterized (both bit values are equal to
zero)
-- Incorrect SPL assignment (bit value equal to zero)
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the displayed MD.
r
Program The alarm is initiated when booting. No program can be started. Only
continuation clear the alarm with POWER ON.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-717
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27204 PROFIsafe: Double assignment MD %1[%2] -- MD %3[%4]

Parameter %1 = MD name 1
%2 = MD field index for MD name 1
%3 = MD name 2
%4 = MD field index for MD name 2
Explanation A double assignment has been illegally parameterized in the specified
machine data.
Several input terminals of PROFIsafe modules parameterized at the
same $A_INSE. MD involved:
-- MD10388 $MN_PROFISAFE_IN_ASSIGN
Several $A_OUTSE parameterized at the same output of a PROFIsafe
module. MD involved:
-- MD13301 $MN_PROFISAFE_OUT_FILTER
Several substitute values of passive SPL couplings parameterized to
the same $A_INSE. MD involved:
-- MD10388 $MN_PROFISAFE_IN_ASSIGN
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the displayed MD.
rProgram The alarm is initiated when booting. No program can be started. Only
continuation clear the alarm with POWER ON.

27205 PROFIsafe: Number of signals in MD %1[%2] < > MD %3[%4]

Parameter %1 MD name 1
%2 MD field index to the MD name 1
%3 MD name 2
%4 MD field index to the MD name 2
Explanation The parameterized number of signals used must be the same in both
machine data.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the specified MD.
r
Program The alarm is initiated when booting. No program can be started. Only
continuation clear the alarm with POWER ON.

© Siemens AG 2015 All Rights Reserved

10-718 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27206 PROFIsafe: MD %1[%2] max. number of F net data (%3 bits)

exceeded
Parameter %1 MD name
%2 MD field index to the MD name
%3 max. F net data bits
Explanation Data parameterized in the specified machine data lie outside the F net
(useful) data area of the F module.
Note
When displaying machine data MD10386/10387 $MN_PROFI-
SAFE_IN/OUT_ADDRESS, the sub--slot address parameterized in the
machine data exceeds the F net data area of the F module.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the specified MD.
r
Program Switch control system OFF and ON again.
continuation

27207 PROFIsafe: MD %1[%2] max. sub--slot number: %3 exceeded

Parameter %1 MD name
%2 MD field index to the MD name
%3 max. sub--slot address
Explanation The sub--slot parameterized in the specified machine data exceeds the
max. permissible number of sub slots per PROFIsafe module.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Reduce the number of sub--slots by changing the F net (useful) data
distribution of the PROFIsafe module.
r
Program Switch control system OFF and ON again.
continuation

27208 PROFIsafe: MD %1[%2] max. sub--slot address %3 exceeded

Parameter %1 MD name
%2 MD field index to the MD name
%3 max. sub--slot address
Explanation An excessively high sub--slot address was entered in the specified MD.
The entered value may not exceed the displayed maximum sub--slot
address.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-719
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Mode group not ready

Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Correct the MD
r
Program Switch control system OFF and ON again.
continuation

27220 PROFIsafe: Number of NCK F modules (%1) <> number of S7

F modules (%2)
Parameter %1 = number of parameterized NCK--F modules
%2 = number of parameterized S7--F modules
Explanation The number of F modules parameterized using the NCK machine data
MD10386/10387 $MN_PROFISAFE_IN/OUT_ADDRESS is:
-- greater than the number of PROFIBUS slaves in the configured S7
PROFIBUS
-- less than the number of F modules in the configured S7 PROFIBUS
-- greater than the number of F modules in the configured S7
PROFIBUS
If the specified number of S7 F modules = 0, then none of the F
modules, configured in the S7--PROFIBUS configuration were found.
Generally, the cause of this alarm is an error in the parameterization of
the PROFIsafe master address.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the F parameterization in MD10386/10387 $MN_PROFI-
SAFE_IN/OUT_ADDRESS.
Check the F configuration in the S7 PROFIBUS configuration.
Check the parameterized PROFIsafe master address in MD10385
$MN_PROFISAFE_MASTER_ADDRESS and S7 PROFIBUS
configuration.
rProgram Switch the control OFF -- ON.
continuation

27221 PROFIsafe: NCK F module MD %1[%2] unknown

Parameter %1 = MD name
%2 = MD field index
Explanation The F module parameterized in the specified machine data is unknown
under this PROFIsafe address in the S7 configuration.

© Siemens AG 2015 All Rights Reserved

10-720 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Response Mode group not ready

Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the PROFIsafe addresses in the NCK--MD and S7--I/O
(peripherals) configuration
Program
r Switch control system OFF and ON again.
continuation

27222 PROFIsafe: S7 F module PROFIsafe address %1 unknown

Parameter %1 = PROFIsafe address
Explanation The F module with the specified PROFIsafe address has not been
parameterized as an F module in the NCK MD
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the S7 PROFIBUS configuration. Register the module in the
NCK MD
r
Program Switch control system OFF and ON again.
continuation

27223 PROFIsafe: NCK F module MD %1[%2] is not a %3 module

Parameter %1 = MD name
%2 = MD field index
%3 = module type
Explanation The F module parameterized in the specified NCK MD has not been
designated as an appropriate input/output module in the S7 PROFIBUS
configuration.
-- %3 = INPUT: NCK F parameterization expects an INPUT module
-- %3 = OUTPUT: NCK F parameterization expects an OUTPUT
module
-- %3 = IN/OUT: NCK F parameterization expects an INPUT/OUTPUT
module
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the module in the S7 PROFIBUS configuration

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-721
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Program
r Switch control system OFF and ON again.
continuation

27224 PROFIsafe: F module MD %1[%2] MD %3[%4]: Double

assignment PROFIsafe--Adresse
Parameter %1 = MD name 1
%2 = MD field index 1
%3 = MD name 2
%4 = MD field index 2
Explanation In the NCK MD or in the S7 F parameters, the same PROFIsafe
address has been parameterized for the F modules parameterized in
the specific machine data. This means that a clear communications
relationship between the F master and F slave is not possible.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check and correct the S7 F parameterization and NCK--MD.
Program
r Switch control system OFF and ON again.
continuation

27225 PROFIsafe: Slave %1, configuration error, %2

Parameter %1 = PROFIBUS slave address
%2 = configuration error
Explanation An error has occurred during the evaluation of the S7 PROFIBUS
configuration for the specific slave. This is further specified in alarm
parameter %2.
%2 = PRM header: The PRM telegram for this slave could not be
clearly interpreted (is currently not initiated).
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the S7 PROFIBUS configuration and correct.
r
Program Switch control system OFF and ON again.
continuation

© Siemens AG 2015 All Rights Reserved

10-722 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27240 PROFIsafe: PLC not booted, information: %1

Parameter %1 = actual information from the PROFIsafe boot NCK--PLC
Explanation There is no PROFIsafe configuration available to the NCK after the
time specified using the MD10120 $MN_PLC_RUNNINGUP_TI-
MEOUT.
The current status of the PROFIsafe boot NCK--PLC is displayed in the
alarm text:
-- 0 = configuration not available, interface to the NCK is not
supported by FB15.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Increase MD10120 $MN_PLC_RUNNINGUP_TIMEOUT
check the PLC operating state
check the PLC operating system software release
delete the F parameterization in the NCK--MD
rProgram Switch control system OFF and ON again.
continuation

27241 PROFIsafe: Version different, NCK: %1, PLC: %2, (%3)

Parameter %1 = version of the interface on the NCK side
%2 = version of the interface on the PLC side
%3 = internal identifier of the interface
Explanation The interface required has been implemented differently for the NCK
and PLC components. The F communications cannot be initialized.
The alarm text contains the following information:
-- Version of the interface on the NCK side (%1)
-- Version of the interface on the PLC side (%2)
-- Internal identifier of the interface (%3)
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Check the PLC operating system and correct NCK software versions.
Upgrade the PLC operating system.
Delete NCK F parameterization.
rProgram Switch control system OFF and ON again.
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-723
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27242 PROFIsafe: F module %1, %2 faulty

Parameter %1 = PROFIsafe address
%2 = F parameter error
Explanation An error was detected while evaluating F parameters.
The incorrect F parameter is specified in alarm parameter %2:
-- CRC1: CRC error, F parameters.
-- F_WD_Timeout: The monitoring time parameterized in Step 7 is too
short for the PROFIsafe cycle time set using MD10098 $MN_PRO-
FISAFE_IPO_TIME_RATIO.
-- CRC2_Len: Incorrect length of the telegram CRC.
-- F_Data_Len: Incorrect telegram length has been defined for the
specified module.
-- F_Check_SeqNr: The direction--specific CRC functionality is not
supported.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Remedy Depending on the fault cause specified in alarm parameter %2, the
following remedy is necessary: CRC1: General PLC reset, reload the
S7 F configuration.
-- CRC1: General PLC reset, reload the S7 F configuration.
-- F_WD_Timeout: Re--parameterize the PROFIsafe clock cycle time
or F monitoring time.
-- CRC2_Len: General PLC reset, reload the S7 F configuration.
-- F_Data_Len: General PLC reset, reload the S7 F configuration.
-- F_Check_SeqNr: Change the configuration of the F module
involved.
Program
r Switch control system OFF and ON again.
continuation

© Siemens AG 2015 All Rights Reserved

10-724 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27250 PROFIsafe: Configuration in DP--M was changed; error code %1

= %2
Parameter %1 = NCK project number
%2 = current PLC project number
Explanation The DP master indicates a modified S7 PROFIBUS configuration.
Error--free operation can no longer be guaranteed.
Response Mode group not ready
Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
Communication with the F slaves is exited.
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Remedy Restart the PLC/NCK
Program
r Switch control system OFF and ON again.
continuation

27251 PROFIsafe: F module %1, %2 signals an error %3

Parameter %1 = PROFIsafe address or name
%2 = signaling components (master/slave)
%3 = error detection
Explanation There is a communication error between the F master and the specified
F module.
The component that detected the error is displayed in %2:
-- Master: Error was detected in the F master.
-- Slave: Error was detected in the F slave.
If the alarm was detected in the ”F--Slave” then the following error IDs
(%3) are possible:
-- CN: An error was discovered in the telegram sequence.
-- CRC: A CRC error was detected
-- TO: The parameterized communication timeout has been exceeded
or the PROFIsafe address was incorrectly set.
-- LBF: Communication error, telegram mirroring
If the alarm was detected in the ”F--master” then the following error IDs
(%3) are possible:
-- CN: An error was detected in the telegram sequence
-- CRC: A CRC error was detected
-- TO: The parameterized communication timeout has been exceeded
-- EA: F slave sends empty telegrams
-- TF: Time overflow
All of the specified values for %3 can, depending on the error profile,
also be displayed in a combination.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-725
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Mode group not ready

NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Fail--safe values were activated for the specified module.
Remedy Check the I/O bus. Restart the F slave modules. Restart the NCK/PLC.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

27252 PROFIsafe: Slave/Device %1, bus %2, sign--of--life error

Parameter %1 = slave/device ID
%2 = bus to which the slave/device is connected
Explanation The specified DP slave or the PN device no longer communicates with
the master controller.
Response Mode group not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Stop of the PROFIsafe driver involved. Stopped PROFIsafe driver of
type F--DI or F--DIO F modules -- output fail--safe values (0) towards
the SPL as F net data.
Remedy Check the DP/PN wiring. Restart the F modules. Restart the NCK/PLC.
r
Program Clear the alarm with the RESET key. Restart the part program.
continuation

27253 PROFIsafe: Communications fault F master component %1, error

%2
Parameter %1 = faulty components
%2 = error detection
Explanation The F master signals a communications error between the NCK and
PLC.
The component with error is specified in %1:
-- PLC: The PLC no longer executes the OB40 request.
-- PLC--DPM: DP master is no longer in the OPERATE state.
The fault ID in %2 provides more detailed information about the cause:
-- 1, 2, 4 PLC processing of the OB40 not finished.

© Siemens AG 2015 All Rights Reserved

10-726 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Response Mode group not ready

Channel not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Stop of the PROFIsafe driver involved. Stopped PROFIsafe driver of
type F--DI or F--DIO F modules -- output fail--safe values (0) towards
the SPL as F net data.
Remedy Extend the PROFIsafe cycle time using MD10098 $MN_PROFI-
SAFE_IPO_TIME_RATIO.
Program
r Remove the fault. After changing the F clock cycle, POWER ON
continuation

27254 PROFIsafe: F module %1, error on channel %2; %3<ALSI>

Parameter %1 = PROFIsafe address or name
%2 = channel type, channel number
%3 = supplementary info, system variables -- field index
Explanation The F module signals that an error has occurred in the interface of the
specified channel. The alarm is only triggered for ET200 F modules.
The type of channel (input or output channel) is displayed in %2 using
the IN and OUT abbreviation).
Using parameter %3, a specific alarm message can be configured on
the HMI for each of the listed system variables
-- 1....64: Error in system variables $A_INSE[1...64]
-- 65...128: Error in system variables $A_OUTSE[1...64]
-- 321...448: Error in system variables $A_INSE[65..192]
-- 449...576: Error in system variables $A_OUTSE[65..192]
-- --1: Error in the input or output channel for which there is no SPL
assignment.
Response Mode group not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Remedy Check the wiring. Wiring OK: Replace the F module.
r
Program Remove the error and press RESET.
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-727
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27255 PROFIsafe: F module %1, general error

Parameter %1 = PROFIsafe address or name
Explanation The specified PROFIsafe module signals an error: More detailed
information on the cause of the error cannot be made without further
resources.
This alarm is initiated for all types of PROFIsafe slaves.
Response Mode group not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Remedy Check the wiring
r
Program Remove the error and press RESET.
continuation

27256 PROFIsafe: Actual cycle time %1 [ms] > parameterized cycle time
Parameter %1 = actual PROFIsafe communications cycle time
Explanation The actual PROFIsafe communication cycle time is greater than the
value set using MD10098 $MN_PROFISAFE_IPO_TIME_RATIO. The
parameterized PROFIsafe communication cycle time is continually
exceeded on the PLC side.
Response Mode group not ready
NC start disable in this channel
Interface signals are set
Alarm display
NC stop for alarm
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Remedy Adapt the cycle time using MD $MN_PROFISAFE_IPO_TIME_RATIO.
As a minimum, the value displayed in %1 must be set.
The selected cycle time has an effect on the runtime utilization of the
PLC module. This must be taken into account in the setting.
r
Program Remove the error and press RESET
continuation

27257 PROFIsafe: %1 %2 signals a system error %3 (%4)

Parameter %1 = communication type
%2 = PROFIsafe address or name of the F module
%3 = error detection
%4 = component
Explanation A system error was detected within the scope of the PROFIsafe com-
munication. Depending on the error, the particular PROFIsafe driver is
stopped or the complete PROFIsafe communication.

© Siemens AG 2015 All Rights Reserved

10-728 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

The following displays are possible for communication type (%1):

-- F modules
-- SPL
One of the following F components (%2) can be involved:
-- PROFIsafe address or the name of the F module involved (for com-
munication type = F module)
-- ”--” (for communication type = SPL)
One of the following error causes is possible (see fault ID %3):
-- SF: Asynchronous fault state (StateFault)
-- SP: The SPL input/output data are not updated (SPL I/O--communi-
cation)
The specified error IDs, depending on the error profile, can also be
displayed in a combination.
One of the following components (%4) can be involved:
-- NCK
-- PLC
Response NC start disable in this channel
Alarm display
Mode group not ready
Channel not ready
NC stop for alarm
Interface signals are set
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Stop of the PROFIsafe driver involved. Stopped PROFIsafe driver of
type F--DI or F--DIO F modules -- output fail--safe values (0) towards
the SPL as F net data.
Remedy Power--down/power--up the control (power on). If this fault occurs
again, contact the service department.
rProgram Switch--off – switch--on the control
continuation

27299 PROFIsafe: Diagnostics %1 %2 %3 %4

Parameter %1 error ID 1
%2 error ID 2
%3 error ID 3
%4 error ID 4
Explanation Errors in the PROFIsafe configuration.
The component (PLC or NCK), which detected the error, is specified in
the alarm text.
Response Alarm display
Remedy With the error text, open a support request at:
http://www.siemens.com/automation/support--request
Program
r Switch--off – switch--on the control
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-729
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27300 F_DP: Cycle time %1[ms] is too long

Parameter %1 parameterized cycle time
Explanation The cycle type of the F_DP communication resulting from MD13320
$MN_SAFE_SRDP_IPO_TIME_RATIO and MD10071 $MN_IPO_CY-
CLE_TIME exceeds the permissible limit value of 250 ms.
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
Channel not ready for operation
NC stop for alarm
Remedy Correct cycle time using MD13320
$MN_SAFE_SRDP_IPO_TIME_RATIO and/or
MD10071$MN_IPO_CYCLE_TIME
r
Program Switch--off – switch--on the control
continuation

27301 F_DP: MD %1[%2]: SPL coupling incorrect

Parameter %1 = MD name
%2 = MD field index
Explanation The SPL coupling in the displayed MD is incorrect. Possible causes:
-- Bit value greater than in the definition of the SPL interface (bit value
>maximum bit value)
-- Too many bits (higher bit value -- lower bit value > 16)
-- No SPL assignment was parameterized (both bit values are equal to
zero)
-- Incorrect SPL assignment (bit value equal to zero)
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
Channel not ready
NC stop for alarm
Remedy Correct the displayed MD
r
Program Switch--off – switch--on the control
continuation

© Siemens AG 2015 All Rights Reserved

10-730 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27302 F_DP: Double assignment MD %1[%2] -- MD %3[%4]

Parameter %1 = MD name 1
%2 = MD field index for MD name 1
%3 = MD name 2
%4 = MD field index for MD name 2
Explanation A double assignment has been illegally parameterized in the specified
machine data.
SPL inputs ($A_INSE) are assigned a multiple number of times by the
F_DP communication. MD involved:
-- MD13346 $MN_SAFE_RDP_ASSIGN:
F net data of an F_SENDDP are assigned a multiple number of times
by sub--slots MD involved:
-- MD13337 $MN_SAFE_SDP_FILTER:
Logical basis addresses are assigned a multiple number of times by
various SPL connections MD involved:
-- MD13334 $MN_SAFE_SDP_LADDR, MD13344
$MN_SAFE_RDP_LADDR:
Connection numbers are assigned a multiple number of times by
various SPL connections MD involved:
-- MD13333 $MN_SAFE_SDP_CONNECTION_NR, MD13343
$MN_SAFE_RDP_CONNECTION_NR:
Parameter DP_DP_ID is assigned a multiple number of times by
various SPL connections MD involved:
-- MD13331 $MN_SAFE_SDP_ID, MD13341 $MN_SAFE_RDP_ID:
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
Channel not ready
NC stop for alarm
Remedy Correct the specified MD
rProgram Switch--off – switch--on the control
continuation

27303 F_DP: Number of signals in MD %1[%2] < > MD %3[%4]

Parameter %1 = MD name 1
%2 = MD field index for MD name 1
%3 = MD name 2
%4 = MD field index for MD name 2
Explanation In machine data MD13336/13346 $MN_SAFE_SDP/RDP_ASSIGN,
MD13337/13347 $MN_SAFE_SDP/RDP_FILTER
a different number of F net data signals was parameterized.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-731
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Alarm display

NC start disable in this channel
Interface signals are set
Mode group not ready
Channel not ready
NC stop for alarm
Remedy Correct the specified MD
Program
r Switch--off – switch--on the control
continuation

27305 F_DP: Parameter MD %1[%2] < > MD %3[%4]

Parameter %1 = MD name 1
%2 = MD field index for MD name 1
%3 = MD name 2
%4 = MD field index for MD name 2
Explanation An SPL connection with several SPL couplings (sub--slots) was para-
meterized, where different values are entered in the F_DP communica-
tion parameters or the connection numbers (%1 and %3).
Note
SPL couplings (sub--slots) of an SPL connection are designated using
the same values for:
-- F_DP communication parameters
-- SPL connection number
The following NCK machine data can be involved:
-- MD13334/13344 $MN_SAFE_SDP/RDP_LADDR or
-- MD13335/13345 $MN_SAFE_SDP/RDP_TIMEOUT or
-- MD13333/13343 $MN_SAFE_SDP/RDP_CONNECTION_NR
-- MD13338/13348 $MN_SAFE_SDP/RDP_ERR_REAC
-- MD13349 $MN_SAFE_RDP_SUBS
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
Channel not ready
Remedy Correct the specified MD
r
Program Switch--off – switch--on the control
continuation

© Siemens AG 2015 All Rights Reserved

10-732 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27306 F_DP: Max. number of active SPL connections (%1) for (%2)
exceeded
Parameter %1 = maximum number of possible SPL connections
%2 = communication type
Explanation In the active parameterizing data sets for the specified communication
type (F_SENDDP/FRECVDP), more than the permissible number of
SPL connections, designated using different IDs (MD13331/13341
$MN_SAFE_SDP/RDP_ID), were parameterized.
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
Channel not ready
Remedy Correct the identifiers of the active SPL connections or deactivate the
SPL connections (MD13330/13340 $MN_SAFE_SDP/RDP_ENA-
BLE_MASK).
Set the option for an extended number of connections.
Program
r Switch--off – switch--on the control
continuation

27350 F_DP: %1 communication, connection %2 signals error %3

Parameter %1 = communication type
%2 = name or DP_DP_ID of the communication relationship
%3 = error detection
Explanation There is an F_DP communication error with the external communica-
tion partners and the programmed error response is
$A_FSDP_/FRDP_ERR_REAC = 0 or 1.
The following displays are possible for communication type (%1):
-- F_SENDDP
-- F_RECVDP
As connection (%2), the name of the DP_DP_ID (ID) or the SPL
connection is displayed.
One of the following error causes is possible (see fault ID %3):
-- SN: An error was detected in the telegram sequence.
-- CRC: A CRC error was detected.
-- TO: The parameterized communication timeout has been exceeded.
All of the specified error IDs, depending on the error profile, can also be
displayed in a combination.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-733
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Alarm display

NC start disable in this channel
Interface signals are set
Mode group not ready
-- F_SENDDP/F_RECVDP: System variable $A_FSDP/FRDP_ER-
ROR = TRUE
-- F_SENDDP/F_RECVDP: System variable $A_FSDP/FRDP_DIAG
<> 0
-- F_RECVDP: System variable $A_FRDP_ACK_REQ = TRUE
-- F_RECVDP: Output of the substitute values specified in the system
variable $A_FRDP_SUBS
-- For programmed error response $A_FSDP_/FRDP_ERR_REAC =
0, in addition an alarm and STOP D/E are initiated
Remedy Check the PROFIBUS communication and the communication partner.
Note
Only the F_DP communication is acknowledged for a user acknowledg-
ment via DB18.FRDP_ACK_REI. The alarm is still displayed and must
be separately acknowledged using NC--RESET.
rProgram Remove the error and issue a user acknowledgment via a channel_1
continuation reset.

27351 F_DP: %1 communication, connection %2 signals error %3

Parameter %1 = communication type
%2 = name or DP_DP_ID of the SPL connection
%3 = error detection
Explanation There is an F_DP communication error with the external communica-
tion partners and the programmed error response is
$A_FSDP_/FRDP_ERR_REAC = 2 (alarm, only display).
The following displays are possible for communication type (%1):
-- F_SENDDP
-- F_RECVDP
As connection (%2), the name or the DP_DP_ID (ID) of the F_DP
connection relationship is displayed.
One of the following error causes is possible (see fault ID %3):
-- SN: An error was detected in the telegram sequence.
-- CRC: A CRC error was detected.
-- TO: The parameterized communication timeout has been exceeded.
All of the specified error IDs, depending on the error profile, can also be
displayed in a combination.
Response Alarm display
1. F_SENDDP/F_RECVDP: System variable $A_FSDP/FRDP_ER-
ROR = TRUE
2. F_SENDDP/F_RECVDP: System variable $A_FSDP/FRDP_DIAG
<>0
3. F_RECVDP: System variable $A_FRDP_ACK_REQ = TRUE
4. F_RECVDP: Output of the substitute values specified in the system
variable $A_FRDP_SUBS

© Siemens AG 2015 All Rights Reserved

10-734 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

Remedy Check the PROFIBUS communication and the communication partner.

User acknowledgment via DB18.FRDP_ACK_REI or NC--RESET
Program
r The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

27352 F_DP: communication error %1, error %2

Parameter %1 = faulty components (NCK/PLC)
%2 = error detection
Explanation Communication between the NCK and PLC can no longer function.
Component with error where the communication error occurred (%1):
-- PLC: The PLC was not able to process the OB40 request for F_DP
communication within the maximum monitoring time of 500ms.
The following error cause is possible (see fault ID %2):
-- <> 0: PLC processing of the OB40 not finished.
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
NC stop for alarm
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Processing stop of the F_DP communication is initiated.
Stopped SPL connections -- type F_RECVDP -- output fail--safe values
(0) in the direction of the SPL as F net data.
Remedy Check and possibly increase the F_DP clock cycle
r
Program Switch control system OFF and ON again.
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-735
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

27353 F_DP: actual cycle time %1 [ms] > , parameterized cycle time
Parameter %1 = actual F_DP communications cycle time
Explanation The actual F_DP communication cycle time is greater than the value
set using MD13320 $MN_SAFE_SRDP_IPO_TIME_RATIO. The para-
meterized communication cycle time is continually exceeded on the
PLC side.
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
NC stop for alarm
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Remedy Adapt the cycle time using MD13320
$MN_SAFE_SRDP_IPO_TIME_RATIO.
As a minimum, the value displayed in %1 must be set.
The selected cycle time has an effect on the runtime utilization of the
PLC module.
This must be taken into account in the setting.
rProgram Remove the error and press RESET
continuation

27354 F_DP: %1 communication, connection %2 signals SFC%3 error

%4
Parameter %1 = communication type
%2 = name or DP_DP_ID of the communication relationship
%3 = SFC block number
%4 = error detection
Explanation There is an F_DP communication error with the external communica-
tion partner. When attempting to access via the parameterized inter-
face, the PLC signaled an error.
The following displays are possible for communication type (%1):
-- F_SENDDP
-- F_RECVDP
As connection (%2), the name or the identifier (DP_DP_ID) of the
F_DP connection relationship is displayed.
Further, the PLC block (%3) is displayed, which identified an error, and
the error cause based on the error ID (%4).
This alarm can be suppressed using MD10096 $MN_SAFE_DIAGNO-
SIS_MASK, bit 2 = 1.
Response Alarm display
Remedy Check the PROFIBUS communication and the communication partner.
Check the parameterized logical basis address in MD13334/13344
$MN_SAFE_SDP/RDP_LADDR.
r
Program Remove the error and press RESET
continuation

© Siemens AG 2015 All Rights Reserved

10-736 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

27355 F_DP: %1 communication, connection %2 signals system error

%3 (%4)
Parameter %1 = communication type
%2 = name or DP_DP_ID of the SPL connection
%3 = error detection
%4 = component
Explanation A system error was detected within the scope of the F_DP communica-
tion. Depending on the error, the particular SPL connection or the
complete F_DP communication is stopped.
The following displays are possible for communication type (%1):
-- F_SENDDP
-- F_RECVDP
-- SPL
As connection (%2) the following displays are possible:
-- Name or DP_DP_ID (ID) of the SPL connection (for communication
type = F_SENDDP or F_RECVDP)
-- ”--” (for communication type = SPL)
One of the following error causes is possible (see fault ID %3):
-- SF: Asynchronous fault state (StateFault)
-- LS: Sign--of--life monitoring (LifeSign)
-- TD: Discrepancies in the F telegram data (TelegramDiscrepancy)
-- OD: Discrepancies in the output data (OutputdataDiscrepancy)
-- For communication type = F_SENDDP:
$A_FSDP_ERR_REAC -- <FSDP_ERR_REAC/>
-- For communication type = F_RECVDP:
$A_FRDP_SUBS -- <FRDP_SUBS/>
$A_FRDP_ERR_REAC -- <FRDP_ERR_REAC/>
-- SP: The SPL input/output data are not updated (SPL I/O--communi-
cation)
The specified error IDs, depending on the error profile, can also be
displayed in a combination.
Further, the component involved (%4) is displayed in the alarm text:
-- NCK
-- PLC
-- System variables (for error identifier = OD)
Response Alarm display
NC start disable in this channel
Mode group not ready
Channel not ready
NC stop for alarm
Interface signals are set
A STOP D/E is initiated (this can be set using MD10097
$MN_SAFE_SPL_STOP_MODE) on all axes with safety functionality.
Stopped SPL connections -- type F_RECVDP -- output fail--safe values
(0) in the direction of the SPL as F net data.
Remedy Power--down/power--up the control (power on). If this fault occurs
again, contact the service department.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-737
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Program
r Switch control system OFF and ON again.
continuation

27801 Safety operating mode inconsistent: MD ”%1” = %2 ;

PLC configuration = %3
Parameter %1: $MN_SAFE_MODE
%2: Value from $MN_SAFE_MODE
%3: Value of the PLC configuration
Explanation The value in MD13370 $MN_SAFE_MODE does not match the value
of the PLC configuration.
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
NC Stop on alarm at end of block
Channel not ready
Remedy Standardize the safety operating mode by adapting in MD13370
$MN_SAFE_MODE or the PLC configuration.
If a --1 is displayed for the value of the PLC configuration, the following
applies: The safety operating mode defined in the PLC configuration is
not permitted. The PLC configuration must be changed.
r
Program Switch control system OFF and ON again.
continuation

27810 Axis %1: Safety operating mode inconsistent: $MN_SAFE_MODE

= %2; MD: ”%3” = %4
Parameter %1: Axis name, spindle number
%2: MD value
%3: MD name
%4: MD value
Explanation The safety operating mode parameterized using MD13370
$MN_SAFE_MODE does not match the safety enables parameterized
using the displayed machine data.
This alarm occurs in the following contexts:
-- For safety operating mode ”SINUMERIK Safety Integrated plus
(F--PLC)” the safety enables are set in MD36901
$MA_SAFE_FUNCTION_ENABLE.
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
NC Stop on alarm at end of block
Channel not ready
Stop cyclic SIC/SCC or PROFIsafe communication between the NCK
and drive.
Remedy Standardize the safety operating mode for all NC axes.

© Siemens AG 2015 All Rights Reserved

10-738 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.2NCK safety alarms for Sinumerik 840D sl

r
Program Switch control system OFF and ON again.
continuation

27811 Axis %1: Parameterizing error: MD %2[%3] invalid

Parameter %1: Axis name, spindle number
%2: MD name
%3: MD field index to the MD name
Explanation The parameterization of the displayed machine data is incorrect.
This alarm occurs in the following contexts:
-- When evaluating the SIC/SCC telegram number in MD13376
$MN_SAFE_INFO_TELEGRAM_TYPE or in drive parameter
p60122, an invalid SIC/SCC telegram number was identified (not
equal to 701)
-- Checking the logical basis addresses from MD13374
$MN_SAFE_INFO_DRIVE_LOGIC_ADDR has shown that a slot
with this address does not exist or the SIC/SCC telegram has an
incorrect length and the SIC/SCC communication cannot be
enabled.
-- Checking the logical basis addresses from MD13372
$MN_SAFE_PS_DRIVE_LOGIC_ADDR has shown that a slot with
this address does not exist and PROFIsafe communication cannot
be enabled.
Response Alarm display
NC start disable in this channel
Interface signals are set
Mode group not ready
NC Stop on alarm at end of block
Channel not ready
Stop cyclic SIC/SCC or PROFIsafe communication between the NCK
and drive.
Remedy Parameterize a valid SIC/SCC with telegram number (701)
Configure or parameterize using valid logical basis addresses for the
SIC/SCC slots or PROFIsafe slots
rProgram Switch control system OFF and ON again.
continuation

27813 Option ”F--Logic” not set, MD: ”%1” error

Parameter %1: MD name
Explanation Option for F logic MD19500 $ON_SAFE_PLC_LOGIC not available.
The safety operating mode ”SINUMERIK Safety Integrated plus
(F--PLC)” is set in MD13370 $MN_SAFE_MODE.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-739
Diagnostics 10/15
10.2 NCK safety alarms for Sinumerik 840D sl

Response Alarm display

NC start disable in this channel
Interface signals are set
Mode group not ready
NC Stop on alarm at end of block
Channel not ready
Stop cyclic SIC/SCC or PROFIsafe communication between the NCK
and drive.
Remedy Align option data and safety operating mode
r
Program Switch control system OFF and ON again.
continuation

27830 Axis %1: Control not ready for the ”safe brake test” integrated in
the drive”
Parameter %1: Axis name, spindle number
Explanation The request for the drive--integrated ”safe brake test” via the VDI inter-
face has been rejected by the motion control.
Response Alarm display
Remedy The alarm disappears if the conditions in the motion control for carrying
out the drive--integrated ”safe brake test” are fulfilled, or the request for
the drive--integrated ”safe brake test” is withdrawn.
Program
r The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

27900 Profibus--DP: SI fault, axis %1, code %2, value %3, time %4
Parameter %1 axis name, spindle number
%2 fault code of the drive (p9747)
%3 fault value of the drive (p9749)
%4 fault time of the drive (p9748)
Explanation The drive signals SI fault %2 with additional information %3 at instant in
time %4.
Response Alarm display
Remedy Fault codes/fault values, refer to the drive documentation.
r
Program The alarm is no longer displayed when the alarm cause has been
continuation removed. No other operator actions are required.

© Siemens AG 2015 All Rights Reserved

10-740 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

10.3 Safety messages for SINAMICS S120

10.3.1 General information

Note
In the HMI environment, faults and alarms are displayed specifying a six--digit
number that always starts with 2. For example, this means that F01600 is then
called 201600. In this Chapter, faults and alarms are described with numbers from
the SINAMICS environment.
In the HMI environment, faults and alarms are treated like alarms.

Differences between faults and alarms

Table 10-2 Differences between faults and alarms

Type Description
Faults What happens when a fault occurs?
S The appropriate fault reaction is initiated.
S Status signal ZSW1.3 is set.
S The fault is entered in the fault buffer.
How are the faults eliminated?
S Remove the cause of the fault.
S Acknowledge the fault.
Alarms What happens when an alarm occurs?
S Status signal ZSW1.7 is set.
S The alarm is entered into the alarm buffer.
How are alarms eliminated?
S Alarms are self acknowledging, that is, they are reset automatically when
the cause of the alarm has been eliminated.

Fault reactions
The standard fault responses according to PROFIdrive, that are used for safety,
are described in the Table 10-3. The OFF2 fault response is used as additional
stopping measure while the pulses are safely cancelled via the safety--related shut-
down paths.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-741
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Table 10-3 Fault reactions

Fault Response Description Safety stop

reaction response
OFF2 Internal/external S Instantaneous pulse suppression, the drive STOP A,
(OFF2) pulse disable ”coasts” to a standstill. Test stop
S The motor holding brake (if parameterized) is
closed immediately.
S Switch--on inhibit is activated.
OFF 3 Brakes along the S The drive is braked along the OFF3 down ramp STOP B
OFF 3 down (p1135) by immediately entering n_set = 0. (after r9556
ramp and then S When zero speed is detected, the motor holding has expired or
the pulses are brake (if parameterized) is closed. The pulses p9560 is fallen
cancelled are cancelled when the brake application time below, STOP
(p1217) expires. A is initiated)
S Zero speed is detected if the actual speed drops
below the threshold in (p1226) or if the monitor-
ing time (p1227) started when speed setpoint <=
speed threshold (p1226) has expired.
STOP 2 n_set = 0 S The drive is braked along the OFF 3 down ramp STOP C
(Halt 2) (p1135) by immediately entering n_set = 0.
S The drive remains in closed--loop speed control.

Acknowledging faults
The list of faults and alarms specifies how to acknowledge each fault after the
cause has been eliminated.

Table 10-4 Acknowledging faults

List Description
POWER The fault is acknowledged by a POWER ON (switch drive unit off and on again).
ON Note:
If the fault cause has still not been resolved, then the fault is immediately displayed again
after booting.
Re--establishing communications to the NCK or PLC after a communication failure has
been detected to this component is an exception. In this case, just the same as for a
normal boot, the fail--safe values are activated, however the alarms present are acknowl-
edged for a new communication failure.

© Siemens AG 2015 All Rights Reserved

10-742 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

Table 10-4 Acknowledging faults, continued

List Description
IMMEDIA- Starting from a drive object, the fault can be acknowledged by the following methods:
TELY
1. Acknowledge by setting parameter:
p3981 = 0 --> 1
2. Acknowledge via binector inputs:
p2103 BI: 1. Acknowledge faults
p2104 BI: 2. Acknowledge faults
p2105 BI: 3. Acknowledge faults
3. Acknowledging using a PROFIBUS control signal:
STW1.7 = 0 --> 1 (edge)
Note:
S This fault can also be acknowledged using POWER ON.
S If the cause of the fault has not been removed the fault is not cleared after acknowledg-
ment.
S Faults from SH/SBC
The safe standstill (SH) function must be deselected
READY TO The fault can only be acknowledged in the READY state.
OPERATE In this state, the DC link is charged and the pulses are inhibited.

List of faults and alarms

Axxxxx Alarm xxxxx

Axxxxx (F, N) Alarm xxxxx (message type can be changed into F or N)
Fxxxxx Fault xxxxx
Fxxxxx (A, N) Fault xxxxx (message type can be changed to A or N)
Nxxxxx No message
Nxxxxx (A) No message (message type can be changed to A)
Cxxxxx Safety message (dedicated message buffer)

A message comprises a letter followed by the relevant number.

The meaning of the letters is as follows:
S A means ”Alarm”
S F means ”Fault”
S N means ”No message” or ”Internal message” or ”No report”
S C means ”Safety message”

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-743
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

The optional brackets indicates whether the type specified for this message can be
changed and which message types can be selected via parameter.
Information about the response and acknowledgment are independently specified
for a message with adjustable message type (e.g. response to F, acknowledgment
for F).

10.3.2 List of faults and alarms

Note
S In the HMI environment, faults and alarms are displayed specifying a six--digit
number that always starts with 2. For example, this means that F01600 is then
called 201600. In this Chapter, faults and alarms are described with numbers
from the SINAMICS environment.
S In the HMI environment, faults and alarms are treated like alarms.

List of faults (Control Unit)

F01600 SI P1 (CU): STOP A initiated

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in the drive on the Control
Unit has detected a fault and initiated a STOP A (STO via the safety
shutdown path of the Control Unit).
-- Forced checking procedure of the safety shutdown path of the
Control Unit unsuccessful.
-- Subsequent response to fault F01611 (defect in a monitoring
channel).
Fault value (r0949, interpret decimal):
0: Stop request from monitoring channel 2
1005: STO active, although STO not selected and there is no internal STOP
A present.
1010: STO inactive although STO is selected or an internal STOP A is
present.
9999: Subsequent response to fault F01611.

Remedy Select safe standstill and then deselect again.

-- Replace the Motor Module involved.
For fault value = 9999:
-- Carry out diagnostics for fault F01611 that is present.

© Siemens AG 2015 All Rights Reserved

10-744 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

F01611 SI P1 (CU): Defect in a monitoring channel

Response NONE (OFF1, OFF2, OFF3)
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in processor 1 has detected
a fault in the crosswise data comparison between the two monitoring
channels and has initiated STOP F.
As a result of this fault, after the parameterized transition has expired
(p9658), fault F01600 (SI P1 (CU): STOP A initiated) is output.
Fault value (r0949, interpret decimal):
0: Stop request from the Motor Module
1 to Number of the crosswise compared data that resulted in this fault.
999: This number is also displayed in r9795.
1: SI monitoring clock cycle (r9780, r9880).
2: SI enable safety functions (p9601, p9801). Only the supported bits
are crosswise compared.
3: SI SGE changeover, tolerance time (p9650, p9850).
4: SI transition time STOP F to STOP A (p9658, p9858).
5: SI enable safe brake control (p9602, p9802).
6: SI Motion, enable safety functions (p9501, internal value).
7: SI delay time of the pulse cancellation for Safe Stop 1 (p9652,
p9852).
9: Debounce time for STO/SBC/SS1 (MM) (p9651, p9851)
10: SI delay time for pulse suppression with ESR (p9697, p9897)
11: SI Safe Brake Adapter mode, BICO interconnection (p9621,
p9821).
12: SI Safe Brake Adapter relay on time (p9622[0], p9822[0]).
13: SI Safe Brake Adapter relay break time (p9622[1], p9822[1]).
14: SI PROFIsafe telegram selection (p9611, p9811).
1000: Check (watchdog) timer has expired. Within the time of approx. 5 x
p9650 too many switching operations have occurred at terminal EP
of the Motor Module.
1001: Initialization error, change timer/check timer.
1900: CRC error in sector SAFETY
1901: CRC error in sector ITCM
1902: Overwriting in sector ITCM has occurred in operation.
1903: Internal parameterizing error for CRC calculation.
1950: Module temperature outside the permissible temperature range.
1951: Module temperature not plausible.
2000: Status of the STO selection on the Control Unit and Motor Module are
different.
2001: Feedback signal for safe pulse cancellation on the Control Unit and
Motor Module are different.
2002: Status of the delay timer SS1 on the Control Unit and Motor Module
are different. (status of the timer in p9650/p9850).
2003: Status of the STO terminal for the two monitoring channels is
different.
6000.. Error in the PROFIsafe control.
6990: For these fault values, fail--safe control signals (fail--safe values) are
transferred to the safety functions.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-745
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

2005: Feedback signal of the safe pulse cancellation on the Control Unit
and Motor Modules connected in parallel are different.
6000: A critical error has occurred in the PROFIsafe communication.
6064.. Error when evaluating F parameters. The values of the transferred F
6071: parameters do not coincide with the values expected in the PROFI-
safe driver.
6064: Target address and PROFIsafe address differ (F_Dest_Add).
6065: Target address invalid (F_Dest_Add).
6066: Source address invalid (F_Source_Add).
6067: Watchdog time value invalid (F_WD_Time).
6068: Incorrect SIL level (F_SIL).
6069: Incorrect F--CRC length (F_CRC_Length).
6070: Incorrect F parameter version (F_Par_Version).
6071: CRC error for the F parameters (CRC1). The transferred CRC value
of the F parameters does not match the value calculated in the
PROFIsafe driver.
6072: F parameterization is inconsistent.
6165: When receiving the PROFIsafe telegram, a communication error was
detected. The fault can also occur, if after switching off and switching
on the Control Unit -- or after inserting the PROFIBUS--/PROFINET
cable -- an inconsistent or out of date PROFIsafe telegram was
received.
6166: When receiving the PROFIsafe telegram, a time monitoring error
(watchdog) was detected.

Remedy Re fault value = 1 to 5 and 7 to 999:

-- Check the crosswise compared data that resulted in a STOP F.
-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the Motor Module software.
-- Upgrade the Control Unit software.
For fault value = 6:
-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the hydraulic module software.
-- Upgrade the Control Unit software.
For fault value = 1000:
-- Check the EP terminal at the Hydraulic Module (contact problems).
-- PROFIsafe: Resolve problems/faults at the PROFIBUS master/
PROFINET controller.

© Siemens AG 2015 All Rights Reserved

10-746 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

For fault value = 1001, 1002:

-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the hydraulic module software.
-- Upgrade the Control Unit software.
For fault value = 1900, 1901, 1902:
-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the Control Unit software.
-- Replace the Control Unit.
For fault value = 2000, 2001, 2002, 2003, 2004, 2005:
-- Check the tolerance time SGE changeover and if required, increase
the value (p9650/p9850, p9652/p9852).
-- Check the wiring of the safety--related inputs (SGE) (contact
problems).
-- Check the causes for STO selection in r9772. For active SMM
functions (p9501 = 1), STO can also be selected as a result of these
functions.
-- Replace the hydraulic module involved.
Note: This fault can be acknowledged after resolving the cause of fault
and after selecting/deselecting STO.
For fault value 6000:
-- Carry out a POWER ON (power off/on) for all components.
-- Check whether there is a DRIVE--CLiQ communications error
between the two monitoring channels, and if required carry out a
diagnostics routine for the faults identified.
-- Set the monitoring cycles longer (p9500, p9511).
-- Upgrade firmware to later version.
-- Contact the Hotline.
-- Replace the Control Unit.
For fault value 6004:
-- Check the value setting in the F parameter F_Dest_Add at the
PROFIsafe slave.
-- Check the setting of the PROFIsafe address of the Control Unit
(p9610) and that of the Hydraulic Module (p9810).
For fault value 6065:
-- Check the value setting in the F parameter F_Dest_Add at the
PROFIsafe slave. The target address must not be 0 or FFFF!
For fault value 6066:
-- Check the value setting in the F parameter F_Source_Add at the
PROFIsafe slave. The source address must not be 0 or FFFF!
For fault value 6067:
-- Check the value setting in the F parameter F_WD_Time at the
PROFIsafe slave. The watchdog time value must not be 0!
For fault value 6068:
-- Check the value set in the F parameter F_SIL at the PROFIsafe
slave. The SIL must correspond to SIL2!

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-747
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

For fault value 6069:

-- Check the value setting in the F parameter F_CRC_Length at the
PROFIsafe slave. The setting of the CRC2 length is 2 byte CRC in
the V1 mode and 3 byte CRC in the V2 mode!
For fault value 6070:
-- Check the value setting in the F parameter F_Par_Version at the
PROFIsafe slave. The value for the F parameter version is 0 in the
V1 mode and 1 in the V2 mode!
For fault value 6071:
-- Check the value settings of the F parameters and the F parameter
CRC (CRC1) calculated from these at the PROFIsafe slave and if
required update.
For fault value 6072:
-- Check the setting of the F parameter values and when necessary,
correct.
The following combinations are permissible for F parameters
F_CRC_Length and F_Par_Version:
F_CRC_Length = 2 byte CRC and F_Par_Version = 0
F_CRC_Length = 3 byte CRC and F_Par_Version = 1
For fault value 6165:
-- When the fault occurs after the Control Unit boots, or after inserting
the PROFIBUS/PROFINET cable, acknowledge the fault.
-- Check the configuring and communication at the PROFIsafe slave.
-- Check the value setting of the F parameter F_WD_Time at the
PROFIsafe slave and possibly increase.
-- Check whether there is a DRIVE--CLiQ communications error
between the two monitoring channels, and if required carry out a
diagnostics routine for the faults identified.
-- Check whether the F parameters of the drive and the F parameters
of the F host match.
For fault value 6166:
-- Check the configuring and communication at the PROFIsafe slave.
-- Check the value setting of the F parameter F_WD_Time at the
PROFIsafe slave and possibly increase.
-- Evaluate the diagnostics information in the F host.
-- Check the PROFIsafe connection.
-- Check whether the F parameters of the drive and the F parameters
of the F host match.

© Siemens AG 2015 All Rights Reserved

10-748 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

N01620 (F, A) SI P1 (CU): Safe torque off active

Response NONE
Acknowledgment NONE
Explanation The ”Safe Torque Off” (STO) function of the basis functions has been
selected on the Control Unit (CU) via the input terminal and is active.
Note:
-- This message does not result in a safety stop response.
-- For STO selection using the extended functions, this message is not
output.
Remedy Not necessary.
Response for F OFF2
Acknowledgment for F IMMEDIATELY (POWER ON)
Response for A NONE
Acknowledgment for A NONE

N01621 (F, A) SI P1 (CU): Safe Stop 1 active

Response NONE
Acknowledgment NONE
Explanation The ”Safe Stop 1” (SS1) function has been selected on the Control Unit
(CU) and is active.
Note:
This message does not result in a safety stop response.
Remedy Not necessary.
Response for F OFF3
Acknowledgment for F IMMEDIATELY (POWER ON)
Response for A NONE
Acknowledgment for A NONE

F01625 SI P1 (CU): Sign--of--life error in safety data

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in the drive on the Control
Unit (CU) has detected an error in the sign--of--life of the safety data
between the two monitoring channels and initiated a STOP A.
-- There is either a DRIVE--CLiQ communications error or communica-
tions have failed.
-- A time slice overflow of the safety software has occurred.
Fault value (r0949, interpret decimal):
Only for internal Siemens troubleshooting.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-749
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Remedy Select Safe Torque Off and then deselect again.

-- Carry out a POWER ON (power off/on) for all components.
-- Check whether there is a DRIVE--CLiQ communications error
between the two monitoring channels, and if required carry out a
diagnostics routine for the faults identified.
-- Deselect all drive functions that are not absolutely necessary.
-- Reduce the number of drives.
-- Check the electrical cabinet design and cable routing for EMC
compliance.

F01630 SI P1 (CU): Brake control defective

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in the drive on the Control
Unit (CU) has detected a brake control fault and initiated a STOP A.
Fault value (r0949, interpret decimal):
Re fault value 10, 11:
Fault for ”Open brake”.
-- Parameter p1278 incorrectly set.
-- Brake not connected or interrupted cable (check whether for p1278
= 1 and p9602/p9802 = 0 (SBC switched--out) the brake opens).
Re fault value 20:
Fault in the ”Brake open” state.
-- Short--circuit in the brake winding.
For fault value 30, 31:
Fault for ”Close brake”.
-- Brake not connected or interrupted cable (check whether for p1278
= 1 and p9602/p9802 = 0 (SBC switched--out) the brake opens).
-- Short--circuit in the brake winding.
For fault value 40:
Fault in the ”Brake closed” state.
For fault value 50:
Fault in the brake control of the Control Unit or communications error
between the Control Unit and Motor Module (diagnostics of the brake
control).
For fault value = 80:
Safe Brake Adapter.
Fault in the brake control of the Control Unit or communications error
between the Control Unit and Motor Module (diagnostics of the brake
control).
For fault value = 90:
Brake released for service purposes (X4).

© Siemens AG 2015 All Rights Reserved

10-750 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

Remedy Check parameter p1278 (with SBC only p1278 = 0 is permissible).

-- Select Safe Torque Off and then deselect again
-- Check the setting of the power unit data set for a parallel connection
for the control of the holding brake (p7015).
-- Check the motor holding brake connection.
-- Check the function of the motor holding brake.
-- Check whether there is a DRIVE--CLiQ communications error
between the Control Unit and the Motor Module involved and if
required, carry out a diagnostics routine for the faults identified.
-- Check that the control cabinet is EMC--compliant and the cable
routing (e.g. connect the motor cable shield and brake conductors
with the shield connecting plate or screw the motor connector to the
enclosure).
-- Replace the Motor Module involved.
Operation with Safe Brake Module or Safe Brake Adapter:
-- Check the connection of the Safe Brake Module or Safe Brake
Adapter.
-- Replace the Safe Brake Module or Safe Brake Adapter.

F01649 SI P1 (CU): Internal software error

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation An internal error in the Safety Integrated software on the Control Unit
has occurred.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret as hexadecimal):
Only for internal Siemens troubleshooting.
Remedy Carry out a POWER ON (power off/on) for all components
-- Re--commission the ”Safety Integrated” function and carry out a
power on.
-- Upgrade the firmware of the Control Unit to a later version.
-- Contact the Hotline.
-- Replace the Control Unit.

F01650 SI P1 (CU): Acceptance test required

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in the drive on monitoring
channel 1 requires an acceptance test.
Note:
This fault results in a STOP A that can be acknowledged.
Fault value (r0949, interpret as decimal)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-751
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

130: Safety parameters for monitoring channel 2 not available.

This fault value is always output when Safety Integrated is commis-
sioned for the first time.
1000: Reference and actual checksum on monitoring channel 1 are not
identical (boot).
-- At least one checksum--checked piece of data is defective.
-- Safety parameters set offline and loaded to the Control Unit.
2000: Reference and actual checksum on monitoring channel 1 are not
identical (commissioning mode).
-- Reference checksum incorrectly entered for monitoring channel 1
(p9799 not equal to r9798).
-- When deactivating the safety functions p9501 or p9503 not
deleted.
2001: Reference and actual checksum on monitoring channel 2 are not
identical (commissioning mode).
-- Reference checksum incorrectly entered for monitoring channel 2
(p9899 not equal to r9898).
-- When deactivating the safety functions p9501 or p9503 not
deleted.
2002: Enable of safety--related functions between both monitoring channels
differ (p9601 not equal to p9801).
2003: Acceptance test is required as a safety parameter has been
changed.
2004: Acceptance test required due to a project download with enabled
safety functions.
2005: The safety logbook has identified that a functional checksum has
changed. An acceptance test must be carried out.
2010: Safe brake control is enabled differently between both monitoring
channels (p9602 not equal to p9802).
2020: Error when saving the safety parameters for monitoring channel 2.
3003: An acceptance test is required, as one of the safety parameters
referred to the hardware has been changed.
3005: The safety logbook has identified that a functional checksum referred
to the hardware has changed. An acceptance test must be carried
out.
9999: Subsequent response of another safety fault that occurred when
powering up, which requires an acceptance test.

Remedy For fault value = 130:

-- Carry out safety commissioning routine.
For fault value = 1000:
-- Check the cycle time for the Safety Integrated basic functions
(r9780) and adapt the set checksum (p9799).
-- Repeat safety commissioning.
-- Replace the memory card or the Control Unit.
-- Activate the safety parameters for the drive involved using
STARTER (change settings, copy parameters, activate settings).

© Siemens AG 2015 All Rights Reserved

10-752 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

For fault value = 2000:

-- Check the safety parameters in the monitoring channel 1 and adapt
the reference checksum (p9799).
For fault value = 2001:
-- Check the safety parameters in the monitoring channel 2 and adapt
the reference checksum (p9899).
For fault value = 2002:
-- Check whether the safety functions are enabled on both monitoring
channels.
For fault value = 2003, 2004, 2005:
-- Carry out acceptance test and create test certificate. The procedure
when carrying out the acceptance test as well as an example for the
acceptance report can be found in the following reference:
SINAMICS S120 Safety Integrated Function Manual
The fault with fault value 2005 can only be acknowledged when the
”STO” function is deselected.
For fault value = 2010:
-- Check whether safe brake control is enabled on both monitoring
channels (p9602 = p9802).
For fault value = 2020:
-- Repeat safety commissioning.
-- Replace the memory card or the Control Unit.
For fault value = 3003:
-- Carry out function tests for the modified hardware and generate an
acceptance report. The procedure when carrying out the accep-
tance test as well as an example for the acceptance report can be
found in the following reference:
SINAMICS S120 Safety Integrated Function Manual
For fault value = 3005:
-- Carry out function tests for the modified hardware and generate an
acceptance report. The fault with fault value 3005 can only be
acknowledged when the ”STO” function is deselected.
For fault value = 9999:
-- Carry out diagnostics for the other safety--related fault that is
present.

F01651 SI P1 (CU): Synchronization, safety time slices unsuccessful

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function requires synchronization of the safety
time slices between the two monitoring channels and between the
Control Unit and the higher--level control. This synchronization routine
was not successful.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-753
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Fault value 121:

-- With SINUMERIK Safety Integrated enabled, a drive--side warm
restart was executed on the CU/NX.
-- With SINUMERIK Safety Integrated enabled, on a drive object of
the CU, the ”Restore factory setting” function was selected and a
drive--side warm restart initiated.
Fault value 150:
-- Fault in the synchronization to the PROFIBUS master.
All other values:
-- For Siemens internal fault diagnostics only.
See also: p9510 (SI Motion isochronous PROFIBUS master)
Remedy For fault value 121:
-- Carry out a common power on/warm restart for the higher--level
control and SINAMICS.
For fault value 150:
-- Check the setting of p9510 (SI Motion isochronous PROFIBUS
master), and if required correct.
Always:
-- Carry out a POWER ON (power off/on) for all components
-- Upgrade the Motor Module/Hydraulic Module software.
-- Upgrade the Control Unit software.
-- Upgrade the software of the higher--level control.

F01652 SI P1 (CU): Monitoring clock cycle not permissible

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation One of the Safety Integrated monitoring clock cycles is not permissible:
-- The monitoring clock cycle integrated in the drive cannot be main-
tained due to the communication conditions requested in the
system.
-- The monitoring clock cycle for the safety--related motion monitoring
functions with the higher--level control is not permissible (p9500).
-- The actual value sensing clock cycle for safe motion monitoring is
not permissible (p9511).
-- The sampling time for the current controller cannot be supported
(p0112, p0115[0]).
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
When motion monitoring is not enabled (p9601.2 = p9801.2 = 0, p9501
= 0), the following applies:
-- Minimum setting for the monitoring clock cycle (in μs).
-- If motion monitoring is enabled (p9601.2 = p9801.2 = 1 and/or
p9501 > 0), the following applies:

© Siemens AG 2015 All Rights Reserved

10-754 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

100: It was not possible to find an appropriate monitoring clock cycle.

101: The monitoring clock cycle is not an integer multiple of the actual
value clock cycle.
102: An error has occurred when transferring the actual value sensing
clock cycle to the Motor Module.
103: An error has occurred when transferring the actual value acquisition
clock cycle to the Sensor Module.
104, Four times the current controller sampling time is greater than 1 ms
105: for operation with non--clock--cycle synchronous PROFIBUS.
Four times the current controller sampling time is greater than the DP
clock cycle for operation with clock--cycle synchronous PROFIBUS.
The DP clock cycle is not an integer multiple of the current controller
sampling time

Remedy When the SI monitoring, integrated in the drive is enabled

(p9601/p9801 > 0).
-- Upgrade the firmware of the Control Unit to a later version.
When the motion monitoring is enabled (p9501 > 0):
-- Correct the monitoring clock cycle (p9500) and carry out a POWER
ON.
Re fault value = 101:
-- The actual value acquisition clock cycle corresponds to the position
control clock cycle/DP clock cycle (factory setting).
-- For the motion monitoring functions integrated in the drive
(p9601/p9801bit 2 = 1), the actual value acquisition clock cycle can
be directly parameterized in p9511/p9311.
Re fault value 104, 105:
-- Set your own actual value acquisition clock cycle in p9511.
-- Restrict operation to a maximum of two vector drives. For the
default settings in p0112, p0115, the current controller sampling time
is automatically reduced to 250 μs. If the default values have been
changed, then the current controller sampling time (p0112, p0115)
must be correspondingly set.
-- When operating with clock cycle synchronous PROFIBUS, increase
the DP clock cycle so that an integer clock cycle ratio of at least 4:1
is obtained between the DP clock cycle and the current controller
sampling time. We recommend a pulse duty factor of at least 8:1.
-- With firmware version 2.5, please ensure that in the drive parameter
p9510 is set to 1 (isochronous operation).

F01655 SI P1 (CU): Aligning the monitoring functions

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation An error has occurred when aligning the Safety Integrated monitoring
functions for the two monitoring channels. A common set of supported
SI monitoring functions was not able to be determined.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-755
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

-- DRIVE--CLiQ communications has an error or failed.

-- Safety Integrated software releases on the Control Unit and the
Motor Module/Hydraulic Module are not compatible with one
another.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret as hexadecimal):
Only for internal Siemens troubleshooting.
Remedy Carry out a POWER ON (power off/on) for all components
-- Upgrade the Motor Module/Hydraulic Module software.
-- Upgrade the Control Unit software.
-- Check the electrical cabinet design and cable routing for EMC
compliance.

F01656 SI CU: Parameter error monitoring channel 2

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation When accessing the Safety Integrated parameters for monitoring
channel 2 in the non--volatile memory, an error has occurred.
Note:
This fault results in a STOP A that can be acknowledged.
Fault value (r0949, interpret as decimal):
129: Safety parameters for monitoring channel 2 corrupted.
Drive with enabled safety functions possibly copied offline using the
commissioning software and the project downloaded.
131: Internal Motor Module/Hydraulic Module software error.
132: Communication errors when uploading or downloading the safety pa-
rameters for the monitoring channel 2.
255: Internal software error on the Control Unit.

Remedy Recommission the safety functions.

-- Upgrade the Control Unit software.
-- Upgrade the Motor Module/Hydraulic Module software.
-- Replace the memory card or the Control Unit.
For fault value = 129:
-- Activate the safety commissioning mode (p0010 = 95).
-- Adapt the PROFIsafe address (p9610).
-- Start the copy function for SI parameters (p9700 = D0 hex).
-- Acknowledge data change (p9701 = DC hex).
-- Exit the safety commissioning mode (p0010 = 0).
-- Save all parameters (p0977 = 1 or ”Copy RAM to ROM”).
-- Carry out a POWER ON (power off/on) for all components.
For fault value = 132:
-- Check the electrical cabinet design and cable routing for EMC
compliance.

© Siemens AG 2015 All Rights Reserved

10-756 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

F01659 SI P1 (CU): Write task for parameter rejected

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The write task for one or several Safety Integrated parameters on the
Control Unit (CU) was rejected.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, decimal):
1: The Safety Integrated password is not set.
2: A drive parameter reset was selected. However, the Safety Integrated
parameters cannot be reset as Safety Integrated is presently enabled.
3: The interconnected STO input is in the simulation mode.
10: An attempt was made to enable the SH (STO) function although this
cannot be supported.
11: An attempt was made to enable the SBC function although this cannot
be supported.
12: An attempt was made to enable the SBC function although this cannot
be supported for a parallel circuit configuration.
13: An attempt was made to enable the SS1 function although this cannot
be supported.
14: An attempt was made to enable the PROFIsafe communication alt-
hough this cannot be supported.
15: An attempt was made to enable the motion monitoring functions
integrated in the drive although this cannot be supported.
16: An attempt was made to enable the SH function although this cannot be
supported when the internal voltage protection (p1231) is enabled.
17: An attempt was made to enable the PROFisafe function although this
cannot be supported for a parallel circuit configuration.
18: An attempt was made to enable PROFIsafe for Basic Functions
although this cannot be supported.
19: An attempt was made to enable SBA (Safe Brake Adapter), although
this cannot be supported.
20: An attempt was made to enable motion monitoring functions integrated
in the drive and the STO function, both controlled via F--DI
23: An attempt was made to enable the pulse suppression delay for ESR,
although this cannot be supported.

See also: p0970 (reset infeed parameters), p3900 (complete fast com-
missioning), r9771 (SI common functions (Control Unit)), r9871
(SI common functions (Motor Module))
Remedy For fault value = 1:
-- Set the Safety Integrated password (p9761).
For fault value = 2:
-- Inhibit Safety Integrated and again reset the drive parameters.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-757
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

For fault value = 3:

-- Simulation mode for the digital input ended (p0795).
Re fault value = 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 23:
-- Check whether there are faults in the safety function alignment
between the Control Unit and the Motor Module involved (F01655,
F30655) and if required, carry out diagnostics for the faults involved.
-- Use a Motor Module that supports the function ”Safe Torque Off”,
”Safe Brake Control” PROFIsafe/PROFIsafe V2”, ”motion monitor-
ing functions integrated in the drive”.
-- Upgrade the Motor Module software.
-- Upgrade the Control Unit software.
For fault value = 16:
-- Inhibit the internal voltage protection (p1231).
See also: p9501 (SI Motion enable safe functions), p9601 (SI enable
functions integrated in the drive (Control Unit)), p9620 (SI signal source
for SH/SBC/SS1 (Control Unit)), p9761 (SI password input), p9801
(SI enable functions integrated in the drive (Motor Module))

F01660 SI P1 (CU): Safety functions not supported

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The Motor Module/Hydraulic Module does not support the safety--
related functions (e.g. the Motor Module/Hydraulic Module version is
not the correct one).
Safety Integrated cannot be commissioned.
Note:
This fault does not result in a safety stop response.
Remedy Use a Motor Module/Hydraulic Module that supports the safety--related
functions.
-- Upgrade the Motor Module/Hydraulic Module software.

F01664 SI P1 (CU): No automatic firmware update

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation When booting it was identified that function ”Automatic firmware
update” (p7826 = 1) was not activated.
However, this is necessary for the automatic firmware update/down-
grade in order to avoid, when enabling the safety functions, an inadmis-
sible combination of versions.
Note:
This fault does not result in a safety stop response.
See also: p7826 (automatic firmware update)

© Siemens AG 2015 All Rights Reserved

10-758 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

Remedy With the safety functions enabled (p9501 <> 0 and/or p9601 <> 0):
1. Activate the ”Automatic firmware update” function (p7826 = 1).
2. Save parameters (p0977 = 1) and carry out a power on
When deactivating the safety functions (p9501 = 0, p9601 = 0), it was
not possible to acknowledge the fault after exiting the safety commis-
sioning mode.

F01670 SI Motion: Invalid Sensor Module parameterization

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The parameterization of a Sensor Module used for Safety Integrated is
not permissible.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
1: No encoder was parameterized for Safety Integrated.
2: An encoder was parameterized for Safety Integrated that does not have
an A/B (sine/cosine) track.
3: The encoder data set selected for Safety Integrated is still not valid.
4: The communications error with the encoder has occurred.
5: Number of relevant bits in the coarse encoder position invalid.
6: DRIVE--CLiQ encoder configuration invalid.
7: Non safety--relevant component of the encoder coarse position for linear
DRIVE--CLiQ encoder invalid.
8: Parameterized safety comparison algorithm not supported.
9: Ratio between the grid division and measurement step not binary for
linear DRIVE--CLiQ encoder.
10: For an encoder used for Safety Integrated, not all of the drive data sets
(DDS) are assigned to the same encoder data set (EDS) (p0187
...p0189).
11: The zero setting of a linear DRIVE--CLiQ encoder used in Safety
Integrated is not zero.
12: The second encoder is not parameterized (p9526 = 1 is not permis-
sible).
13: Hydraulic Module: A second encoder is not parameterized, and a
DRIVE--CLiQ encoder is not being used.

Remedy For fault value = 1, 2:

-- Use and parameterize an encoder that Safety Integrated supports
(encoder with A/B track, sinusoidal, p0404.4 = 1)
For fault value = 3:
-- Check whether the device or drive commissioning is active and if
required, initiate this (p0009 = p0010 = 0), save the parameters
(p0971 = 1) and carry out a power on.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-759
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

For fault value = 4:

-- Check whether there is a DRIVE--CLiQ communications error
between the Control Unit and the Sensor Module involved and if
required, carry out a diagnostics routine for the faults identified.
For fault value = 6:
-- The encoder configuration data are corrupted or an encoder with
impermissible configuration data was used. Therefore, replace the
encoder or use a different type of encoder.
For fault value = 7:
-- p12033 for an encoder used for Safety Integrated is not equal to 1.
Use a linear DRIVE--CLiQ encoder, and parameterize where p12033
= 1.
For fault value = 8:
-- Check p9541. Use an encoder and parameterize it using an
algorithm supported by Safety Integrated.
For fault value = 9:
-- Check p9514 and p9522. Use an encoder and parameterize where
the ratio p9514 to p9522 is binary.
For fault value = 10:
-- Align the EDS assignment for all encoders used for Safety
Integrated (p0187 ...p0189).
For fault value 11:
-- Use a linear DRIVE--CLiQ encoder and parameterize where the
zero setting is equal to 0.
For fault value 12:
-- Parameterize an encoder for the second channel (p9526 > 1).
For fault value 13:
-- Parameterize a second encoder or use a DRIVE--CLiQ encoder.

F01671 SI Motion: Encoder parameterization error

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The parameterization of the encoder used for Safety Integrated is not
the same as the parameterization of the standard encoder.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, interpret decimal):
Parameter number of the non--corresponding safety parameter.
Remedy Align the encoder parameterization between the safety encoder and the
standard encoder.

© Siemens AG 2015 All Rights Reserved

10-760 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

F01672 SI P1 (CU): Motor Module software/hardware not compatible

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The existing Motor Module software does not support the safe motion
monitoring, is incompatible to the software on the Control Unit or there
is a communication error between the Control Unit and Motor Module.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
1: The existing Motor Module software does not support the safety--
related motion monitoring.
2, 3, 6, 8: There is a communication error between the Control Unit and
Power Module.
4, 5, 7: The existing Motor Module software is incompatible to the soft-
ware on the Control Unit.
9,10,11,12: The existing Motor Module software does not support the
safety--related motion monitoring without encoder (sensorless).
13: At least one Motor Module in parallel operation does not support
the safe motion monitoring function.
Remedy Check whether there are errors in the safety function alignment
between the Control Unit and the Motor Module involved (F01655,
F30655) and if required, carry out diagnostics for the errors involved.
For fault value = 1:
-- Use a Motor Module that supports the safety--related motion
monitoring functions.
For fault value = 2, 3, 6, 8:
-- Check whether there is a DRIVE--CLiQ communications error
between the Control Unit and the Motor Module involved and if
required, carry out a diagnostics routine for the faults identified.
For fault value = 4, 5, 7, 9, 13:
-- Upgrade the Motor Module software.

F01673 SI Motion: Sensor Module software/hardware not compatible

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The existing Sensor Module software or hardware does not support the
safety--related motion monitoring with the higher--level control.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, decimal):
Only for internal Siemens troubleshooting.
Remedy Use a Sensor Module that supports the safety--related motion
monitoring functions.
-- Upgrade the Sensor Module software.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-761
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

F01680 SI Motion P1 (CU): Checksum error safe monitoring functions

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The actual checksum calculated by the drive and entered into r9728
over the safety--related parameters does not match the reference
checksum in p9729 saved when the machine was accepted the last
time. Safety--relevant parameters have been changed or there is a
fault.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
0: Checksum error for SI parameters for motion monitoring
1: Checksum error for SI parameters for actual values
2: Checksum error for SI parameters for component assignment

Remedy Check the safety--related parameters and if required correct.

-- Execute the ”Copy RAM to ROM” function.
-- Perform a POWER ON if safety parameters have been changed
that require a POWER ON.
-- Carry out an acceptance test.

C01681 SI Motion P1 (CU): Incorrect parameter value

Response for A: NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The parameter value may not be parameterized with this value.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, interpret decimal):
Parameter number with the incorrect value
A detailed parameter description is provided in the SINAMICS
S120/S150 List Manual
Remedy Correct the parameter value.

© Siemens AG 2015 All Rights Reserved

10-762 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

F01682 SI Motion P1 (CU): Monitoring function not supported

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The monitoring function enabled in p9501, p9601 or p9801is not
supported in this firmware version.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
1: SLP monitoring function (SE) is not supported (p9501.1)
2: Monitoring function SCA (SN) is not supported (p9501.7 and p9501.8 --
15 and p9503)
3: Monitoring function SLS override (SG override) not supported (p9501.5)
10: Only the servo drive object supports monitoring functions.
20: Motion monitoring functions integrated in the drive only supported in
conjunction with PROFIsafe (p9501 and p9601.1 -- 2 and p9801.1 -- 2)
21: Enabling a safe motion monitoring function (in p9501) for enabled basis
functions via PROFIsafe (p9601.2 = 0, p9601.3 = 1) not supported.

Remedy De--select monitoring function involved (p9501, p9503, p9801).

F01683 SI Motion P1 (CU): SOS/SLS enable missing

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation In p9501, the safety--related basic function SOS/SLS has not been
enabled although other safety--related monitoring functions have been
enabled.
Note:
This fault does not result in a safety stop response.
Remedy Enable the function ”SOS/SLS” (p9501.0) and carry out a POWER ON.

F01684 SI Motion P1 (CU): Safely limited position limit values

interchanged
Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation For the function ”Safely limited position” (SLP), in p9534 there is a
value less than that in p9535.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, interpret decimal):

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-763
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

1: Limit values SLP1 interchanged

2: Limit values SLP2 interchanged

Remedy Correct the limit values in p9534 and p9535 and carry out a POWER
ON.

F01685 SI Motion P1 (CU): Safely limited speed limit value too high
Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The limit value for the function ”Safely limited speed” (SLS) is greater
than the speed that corresponds to an encoder limit frequency of
500 kHz.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, interpret decimal):
Maximum permissible speed
Remedy Correct the limit values for SLS and carry out a POWER ON.

F01686 SI Motion: Cam position parameterization not permissible

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation At least one enabled ”safe cam” (SCA) is parameterized in p9536 or
p9537 too close to the tolerance range around the modulo position.
The following conditions must be maintained to assign cams to a cam
track:
-- The cam length of cam x = p9536[x]--p9537[x] must be greater than
or equal to the cam tolerance + the position tolerance (= p9540 +
p9542). This means that for cams on a cam track, the minus posi-
tion value must be less than the plus position value.
-- The distance between 2 cams x and y (minus position value[y] --
plus position value[x] = p9537[y] -- p9536[x]) on a cam track must
be greater than or equal to the cam tolerance + the position
tolerance (= p9540 + p9542).
Note:
This fault does not result in a safety stop response.
Fault value (r0949, interpret decimal):
Number of the ”safe cam” with an illegal position.
See also: p9501 (SI Motion enable safety functions (Control Unit))
Remedy Correct the cam position and carry out a POWER ON.

© Siemens AG 2015 All Rights Reserved

10-764 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

F01687 SI Motion: Illegal parameterization of modulo value SCA (SN)

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The parameterized modulo value for the function ”safe cams” (SCA) is
not a multiple of 360 000 mDegree.
Note:
This fault does not result in a safety stop response.
Remedy Correct the modulo value for SCA and carry out a POWER ON.

F01688 SI Motion CU: Actual value synchronization not permissible

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation It is not permissible to enable actual value synchronization for a
1-encoder system.
-- Simultaneously enabling actual value synchronization and a moni-
toring function with absolute reference (SCA/SLP) is not permitted.
-- Simultaneously enabling actual value synchronization and safe posi-
tion via PROFIsafe is not permitted.
Note:
This fault results in a STOP A that cannot be acknowledged.
Remedy Either deselect the ”actual value synchronization” function or the moni-
toring functions with absolute reference (SCA/SLP) and carry out a
POWER ON.
-- Either deselect the ”Actual value synchronization” function -- or do
not enable ”Safe position via PROFIsafe”.

C01689 SI Motion: axis reconfigured

Response for A: OFF2
Acknowledgment POWER ON
Explanation The axis configuration was changed (e.g. changeover between a linear
axis and rotary axis).
Parameter p0108.13 is internally set to the correct value.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, interpret decimal):
Parameter number of the parameter that initiated the change.
See also: p9502 (SI Motion axis type (Control Unit))
Remedy The following must be carried out after the changeover:
-- Exit the safety commissioning mode (p0010).
-- Save all parameters (p0977 = 1 or ”Copy RAM to ROM”).
-- Carry out a POWER ON.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-765
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Once the Control Unit has been powered up, safety message F01680
or F30680 indicates that the checksums at the drive in r9398[0] and
r9728[0] have changed. Therefore, the following must be carried out:
-- Reactivate the Safety commissioning mode.
-- Complete the safety commissioning of the drive.
-- Exit the safety commissioning mode (p0010).
-- Save all parameters (p0977 = 1 or ”Copy RAM to ROM”).
-- Carry out a POWER ON.
Note:
For the commissioning software, the units are only displayed
consistently after a project upload.

F01690 SI Motion: Data backup problems for NVRAM

Response for A: NONE (OFF1, OFF2, OFF3)
Acknowledgment POWER ON
Explanation To save parameters r9781 and r9782 (Safety logbook), there is not
enough memory space in the drive NVRAM.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, interpret decimal):
0: There is no physical NVRAM available in the drive.
1: There is no longer any free memory space in the NVRAM.
Remedy For fault value = 0:
-- Use a Control Unit with NVRAM.
For fault value = 1:
-- Deselect functions that are not required and use the memory space
in the NVRAM.
-- Contact the Hotline.

A01698 (F) SI P1 (CU): Commissioning mode active

Response for A: NONE
Acknowledgment NONE
Explanation The commissioning of the ”Safety Integrated” function is selected. This
message is withdrawn after the safety functions have been commis-
sioned.
Note:
-- This message does not result in a safety stop response.
-- When in the safety commissioning mode, the ”STO” function is
internally selected
See also: p0010
Remedy Not necessary

© Siemens AG 2015 All Rights Reserved

10-766 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

A01699 (F) SI P1 (CU): Shutdown path test required

Response for A: NONE
Acknowledgment NONE
Explanation The time set in p9659 for the forced checking procedure of the safety
shutdown paths has been exceeded. The safety shutdown paths must
be re--tested.
After the next time that the ”STO” function is deselected, the message
is withdrawn and the monitoring time is reset.
Note:
-- This message does not result in a safety stop response.
-- The test must be performed within the specified maximum time
interval (p9659, maximum 9000 hours) in order to comply with the
specifications in the standard for detecting faults in time and the
conditions to calculate the failure rates of the safety functions
(PFH value).
Operation for longer than this maximum time period is permissible, if it
can be ensured that the forced checking procedure is performed before
persons, who are dependent on the safety functions correctly function-
ing, enter the hazardous area.
See also: p9659 (SI forced checking procedure, timer)
Remedy Select STO and then deselect again.

C01700 SI Motion P1 (CU): STOP A initiated

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The drive is stopped using a STOP A (the pulses are cancelled via the
safety shutdown path of the Control Unit).
Possible causes:
-- Stop request from the second monitoring channel.
-- STO not active after parameterized time (p9557) after the test stop
was selected.
-- Subsequent response of message C01706: ”SI Motion CU: SAM/
SBR limit exceeded”.
-- Subsequent response of message C01714 ”SI Motion: Safety
limited speed exceeded”.
-- Subsequent response of message C01701 ”SI Motion: STOP B
initiated”.
-- Subsequent response of message C01715 ”SI Motion CU: Safely
limited position exceeded”.
-- Subsequent response of message C01716 ”SI Motion CU:
Tolerance for safe direction of motion exceeded”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-767
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Remedy Remove the cause of the fault in the second monitoring channel.
-- Carry out diagnostics for message C01706.
-- Carry out diagnostics for message C01714.
-- Carry out diagnostics for message C01701.
-- Carry out diagnostics for message C01715.
-- Carry out diagnostics for message C01716.
-- Check the value in p9557 -- if required increase the value and carry
out a power on.
-- Check the shutdown path of the Control Unit (check DRIVE--CLiQ
communications if being used).
-- Replace the Motor Module or Power Module or Hydraulic Module.
-- Replace the Control Unit
This message can only be acknowledged as follows in the acceptance
test mode without POWER ON:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel, in the acceptance test mode only.

C01701 SI Motion P1 (CU): STOP B initiated

Response NO (OFF3)
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The drive is stopped using STOP B (braking along the OFF3 down
ramp).
As a result of this fault, after the time parameterized in p9556 has
expired or the speed threshold parameterized in p9560 has been fallen
below, message C01700 ”STOP A initiated” is output.
Possible causes
-- Stop request from the second monitoring channel.
-- Subsequent response of message C01714 ”SI Motion: Safety
limited speed exceeded”.
-- Subsequent response of message C01711 ”SI Motion: Defect in a
monitoring channel”.
-- Subsequent response of message C01707 ”SI Motion CU:
Tolerance for safe operating stop exceeded”.
-- Subsequent response of message C01716 ”SI Motion CU:
Tolerance for safe direction of motion exceeded”.
Remedy Remove the cause of the fault on the control and carry out a power on.
-- Carry out diagnostics for active message C01714.
-- Carry out diagnostics for active message C01711.
-- Carry out diagnostics for message C01707.
-- Carry out diagnostics for message C01715.
-- Carry out diagnostics for message C01716.
This message can only be acknowledged as follows in the acceptance
test mode without POWER ON:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel, in the acceptance test mode only.

© Siemens AG 2015 All Rights Reserved

10-768 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

C01706 SI Motion P1 (CU): SAM/SBR limit exceeded

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation Motion monitoring functions with encoder (p9506 = 0) -- or without
encoder with set acceleration monitoring (SAM, p9506 = 3):
-- After the initiation of STOP B (SS1) or STOP C (SS2), the speed
exceeded the selected tolerance value.
Motion monitoring functions without encoder with set brake ramp moni-
toring (SBR, p9506 = 1):
-- After the initiation of STOP B (SS1) or SLS switchover to the lower
velocity stage, the velocity has exceeded the selected tolerance.
The drive is stopped by the message C01700 ”STOP A initiated”.
Remedy Check the braking response, and if necessary adapt the parameteriza-
tion of the ”SAM” or ”SBR” function.
This message can be acknowledged as follows without a POWER ON:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel, in the acceptance test mode only.

C01707 SI Motion P1 (CU): Tolerance for safe operating stop exceeded

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The actual position has moved further away from the setpoint position
than permitted in the stop tolerance. The drive is stopped with message
C01701 ”SI Motion P1 (CU): STOP B initiated”.

Remedy Check whether additional safety faults are present and if required, carry
out the diagnostics for the faults involved.
-- Check whether the stop tolerance matches the accuracy and
dynamic performance of the axis.
-- Carry out a POWER ON.
This message can be acknowledged as follows without a POWER ON:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel, in the acceptance test mode only.

C01708 SI Motion P1 (CU): STOP C initiated

Response STOP2
Acknowledgment IMMEDIATELY (POWER ON)

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-769
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Explanation The drive is stopped using STOP C (braking along the OFF3 decelera-
tion ramp). ”Safe operating stop” (SOS) is activated after the para-
meterized timer has expired.
Possible causes:
-- Stop request from the higher--level control
-- Subsequent response of message C01714 ”SI Motion CU: Safety
limited speed exceeded”.
-- Subsequent response of message C01715 ”SI Motion CU: Safely
limited position exceeded”.
-- Subsequent response of message C01716 ”SI Motion CU:
Tolerance for safe direction of motion exceeded”.
See also: p9552 (SI Motion transition time STOP C to SOS (SBH)
(Control Unit))
Remedy Remove the cause of the fault on the control.
-- Carry out diagnostics for message C01714C01715/C01716.
This message can be acknowledged as follows:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel.

C01709 SI Motion P1 (CU): STOP D initiated

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The drive is stopped using STOP D (braking along the path). ”Safe
operating stop” (SOS) is activated after the parameterized timer has
expired.
Possible causes:
-- Stop request from the higher--level control
-- Subsequent response of message C01714 ”SI Motion CU: Safely
limited speed exceeded”.
-- Subsequent response of message C01715 ”SI Motion CU: Safely
limited position exceeded”.
-- Subsequent response of message C01716 ”SI Motion CU:
Tolerance for safe direction of motion exceeded”.
See also: p9553 (SI Motion transition time STOP D to SOS (SBH)
(Control Unit))
Remedy Remove the cause of the fault on the control and carry out a power on.
-- Carry out diagnostics for message C01714/C01715/C01716.
This message can be acknowledged as follows:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel

© Siemens AG 2015 All Rights Reserved

10-770 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

C01710 SI Motion P1 (CU): STOP E initiated

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The drive is stopped using STOP E (retraction motion).
”Safe operating stop” (SOS) is activated after the parameterized timer
has expired.
Possible causes:
-- Stop request from the higher--level control
-- Subsequent response of message C01714 ”SI Motion CU: Safety
limited speed exceeded”.
-- Subsequent response of message C01715 ”SI Motion CU: Safely
limited position exceeded”.
-- Subsequent response of message C01716 ”SI Motion CU:
Tolerance for safe direction of motion exceeded”.
See also: p9554 (SI Motion transition time STOP E to SOS (SBH)
(Control Unit))
Remedy Remove the cause of the fault on the control.
-- Carry out diagnostics for message C01714/C01715/C01716.
This message can be acknowledged as follows:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel

C01711 SI Motion P1 (CU): Defect in a monitoring channel

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation For a crosswise comparison, the drive found a difference between input
data or results of the monitoring functions and initiated a STOP F. One
of the monitoring functions no longer functions reliably, i.e. safe opera-
tion is no longer possible.
If at least one monitoring function is active, then after the parame-
terized timer has expired, message C01701 ”SI Motion P1 (CU): STOP
B initiated” is output.
The message value that resulted in a STOP F is displayed in r9725.
The message values described involve the crosswise data comparison
between the Control Unit and Motor Module.
If the drive is operated together with a SINUMERIK, the message
values are written to Alarm 27001 of the SINUMERIK 840D sl.
Remedy In general:
The monitoring clock cycles in both channels must be checked to
ensure that they are identical and if required, they must be set the
same.
For fault value = 0:
-- No error has been detected in this monitoring channel. Note the
error message of the other monitoring channel (for HM: C30711).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-771
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

For fault value = 4:

-- The monitoring clock cycles in both channels must be checked to
ensure that they are identical and if required, they must be set the
same.
Re fault value = 1 ... 999:
-- Check the crosswise compared parameters that resulted in the
STOP F, if required, copy the Safety parameters.
-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the Motor Module software.
-- Upgrade the Control Unit software.
-- Correct the encoder evaluation. The actual values differ due to
mechanical faults (transmission belts, traversing to mechanical limit,
wear and tolerance windows that have been set too narrow, encoder
faults, ...)
For fault value = 1000:
-- Investigate the signal associated with the safety--related input
(contact problems).
For fault value = 1001:
-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the Motor Module software.
-- Upgrade the Control Unit software.
For fault value = 1005:
-- Check the conditions for pulse enable.
For fault value = 1011:
-- For diagnostics, refer to parameter (r9571).
For fault value = 1012:
-- Upgrade the Sensor Module software.
For fault value = 1020, 1021:
-- Check the communication connection.
-- Carry out a POWER ON (power off/on) for all components.
-- Hardware exchange
Re fault value = 5000, 5014, 5023, 5024, 5030, 5031, 5032, 5042,
5043, 5052, 5053, 5068, 5072, 5073, 5082 ... 5087, 5090, 5091, 5122
... 5125, 5132 ... 5135, 5140:
-- Carry out a POWER ON (power off/on) for all components.
-- Check whether there is a DRIVE--CLiQ communications error
between the Control Unit and the Motor Module involved and if
required, carry out a diagnostics routine for the faults identified.
-- Upgrade firmware to later version.
-- Contact the Hotline.
-- Replace the Control Unit.
For fault value = 5012:
-- Check the setting of the PROFIsafe address of the Control Unit
(p9610) and that of the Motor Modules (p9810). The PROFIsafe
address must not be 0 or FFFF!
For fault value = 5013, 5025:
-- Carry out a POWER ON (power off/on) for all components.
-- Check the setting of the PROFIsafe address of the Control Unit
(p9610) and that of the Motor Modules (p9810).

© Siemens AG 2015 All Rights Reserved

10-772 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

-- Check whether there is a DRIVE--CLiQ communications error

between the Control Unit and the Motor Module involved and if
required, carry out a diagnostics routine for the faults identified.
For fault value = 5022:
-- Check the value settings of the F parameters at the PROFIsafe
slave (F_SIL, F_CRC_Length, F_Par_Version, F_Source_Add,
F_Dest_add, F_WD_Time).
For fault value = 5026:
-- Check the value settings of the F parameters and the F parameter
CRC (CRC1) calculated from this value at the PROFIsafe slave and
update.
For fault value = 5065:
-- Check the configuring and communication at the PROFIsafe slave
(Consecutive No./ CRC).
-- Check the value setting of the F parameter F_WD_Time at the
PROFIsafe slave and possibly increase.
-- Check whether there is a DRIVE--CLiQ communications error
between the Control Unit and the Motor Module involved and if
required, carry out a diagnostics routine for the faults identified.
For fault value = 5066:
-- Check the value setting of the F parameter F_WD_Time at the
PROFIsafe slave and possibly increase.
For fault value = 6000, 6072:
-- Carry out a POWER ON (power off/on) for all components.
-- Check whether there is a DRIVE--CLiQ communications error
between the Control Unit and the Motor Module involved and if
required, carry out a diagnostics routine for the faults identified.
-- Upgrade firmware release.
-- Contact the Hotline.
-- Replace the Control Unit.
For fault value = 6064:
-- Check the value setting in the F parameter F_Dest_Add at the
PROFIsafe slave.
-- Check the setting of the PROFIsafe address of the Control Unit
(p9610) and that of the Motor Modules (p9810).
For fault value = 6065:
-- Check the value setting in the F parameter F_Dest_Add at the
PROFIsafe slave. The target address must not be 0 or FFFF!
For fault value = 6066:
-- Check the value setting in the F parameter F_Source_Add at the
PROFIsafe slave. The source address must not be 0 or FFFF!
For fault value = 6067:
-- Check the value setting in the F parameter F_WD_Time at the
PROFIsafe slave. The watchdog time value must not be 0!
For fault value = 6068:
-- Check the value set in the F parameter F_SIL at the PROFIsafe
slave. The SIL must correspond to SIL2!

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-773
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

For fault value = 6069:

-- Check the value setting in the F parameter F_CRC_Length at the
PROFIsafe slave. The setting of the CRC2 length is 2 byte CRC in
the V1 mode and 3 byte CRC in the V2 mode!
For fault value = 6070:
-- Check the value setting in the F parameter F_Par_Version at the
PROFIsafe slave. The value for the F parameter version is 0 in the
V1 mode and 1 in the V2 mode!
For fault value = 6071:
-- Check the value settings of the F parameters and the F parameter
CRC (CRC1) calculated from these at the PROFIsafe slave and if
required update.
For fault value = 6165:
-- Check the configuring and communication at the PROFIsafe slave.
-- Check the value setting of the F parameter F_WD_Time at the
PROFIsafe slave and possibly increase.
-- Check whether there is a DRIVE--CLiQ communications error
between the Control Unit and the Motor Module involved and if
required, carry out a diagnostics routine for the faults identified.
For fault value = 6166:
-- Check the configuring and communication at the PROFIsafe slave.
-- Check the value setting of the F parameter F_WD_Time at the
PROFIsafe slave and possibly increase.
This message can be acknowledged as follows:
-- Motion monitoring functions integrated in the drive: Via Terminal
Module 54F (TM54F) or PROFIsafe
-- Motion monitoring functions with SINUMERIK: From the machine
control panel
See also: p9300 (SI Motion monitoring clock cycle (Motor Module)),
p9500 (SI Motion monitoring clock cycle (Control Unit))

© Siemens AG 2015 All Rights Reserved

10-774 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

C01714 SI Motion P1 (CU): Safety limited speed exceeded

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The drive has moved faster than that specified by the speed limit value
(p9531). The drive is stopped by the configured stop response (p9563).
Message value (r9749, interpret as decimal):
100: SLS1 exceeded
200: SLS2 exceeded
300: SLS3 exceeded
400: SLS4 exceeded
1000: Encoder limit frequency exceeded.
Remedy Check the traversing program on the control.
-- Check the limits for (SLS) and if required, adapt (p9531).
This message can be acknowledged as follows:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel

C01715 SI Motion P1 (CU): Safely limited position exceeded

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The axis has passed a parameterized position, which is monitored
using the ”SLP” function.
Message value (r9749, interpret as decimal):
10: SLP1 violated
20: SLP2 violated
Remedy Check the traversing program on the control.
-- Check the limits for the SLP function and if required adapt (p9534,
p9535).
This message can be acknowledged as follows:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel.

C01745 SI Motion P1 (CU): Check the braking torque for the brake test
Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation Parameter 2003 was used to change the scaling of the braking torque
for the braking test. A new acceptance test must be carried out for the
brake test. This identifies as to whether the brake test is still to be
carried out with the correct braking torque.
Remedy Carry out a power on for all components
-- Repeat the acceptance test for the safe brake test if the braking test
is used.
See also: p2003

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-775
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

C01750 SI Motion P1 (CU): Hardware fault, safety--related encoder

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The encoder that is used for the safety--related motion monitoring
functions outputs a hardware fault.
Message value (r9749, interpret as decimal):
Encoder status word 1, encoder status word 2, which resulted in the
message.
Remedy Check the encoder connection.
-- Replace the encoder.
This message can be acknowledged as follows:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel.
Note regarding encoder replacement for a third--party motor:
To acknowledge this safety message, the serial number of the encoder
must be copied.
This can be realized via p0440 = 1 or p1990 = 1.

C01751 SI Motion P1 (CU): Effectiveness test error, safety--related encoder

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The DRIVE--CLiQ encoder for the safe motion monitoring outputs an
error for the effectiveness test.
Message value (r9749, interpret as decimal):
For Siemens internal fault diagnostics only.
Remedy Check the encoder connection.
-- Replace the encoder.
This message can be acknowledged as follows:
-- Motion monitoring functions with SINUMERIK: From the machine
control panel.

A01780 SBT when selected, the brake is closed

Response NONE
Acknowledgment NONE
Explanation Not all of the brakes were open when selecting the brake test or
starting the brake test.
Alarm value (r2124, interpret binary):
Bit 0 = 1:
The internal brake is closed.
Bit 1 = 1:
The external brake is closed (p10230.5, p10235.5, p10202).
Note:
The alarm is also output if no brakes have been configured in p10202.

© Siemens AG 2015 All Rights Reserved

10-776 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

See also: p10202 (SI Motion SBT brake selection), p10230 (SI Motion
SBT control word), p10235 (SI Safety Control Channel control word
S_STW3B)
Remedy Open all of the brakes and reselect the brake test (p10230.0,
p10235.0).

A01781 SBT brake opening time exceeded

Response NONE
Acknowledgment NONE
Explanation The maximum time (11 s) to open the brake during the brake test has
been exceeded.
Possible causes:
-- During the brake test, the drive has gone into a fault condition, and
therefore the drive closed the brake.
-- For an external brake, the feedback signal ”Brake closed” was
signaled for an excessively long period of time (p10230.5, p10235).
Alarm value (r2124, interpret binary):
Bit 0 = 1:
Internal brake was not able to be opened.
Bit 1 = 1:
External brake was not able to be opened.
Remedy Perform a safe acknowledgment.
Restart the brake test (p10230.1, p10235.1).
See also: p10230 (SI Motion SBT control word), p10235 (SI Safety
Control Channel control word S_STW3B)

A01782 SBT brake test control with error

Response NONE
Acknowledgment NONE
Explanation The brake test was canceled due to incorrect control.
Alarm value (r2124, evaluate binary):
Alarm value 0:
The brake test was canceled as a result of a fault
(brake opening time or brake closing time exceeded).
Bit 0:
The safe brake test was canceled by resetting the brake test selection.
Bit 1:
The safe brake test was canceled as the start of the brake test was
reset.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-777
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Bit 2:
The brake, which was selected at the start of the brake test, is not
configured in p10202.
When starting the brake test using the test stop selection, brake 1 was
not configured as internal brake.
There is a brake test configuration error. In this case, Alarm A01785 is
also output.
See also: p10202 (SI Motion SBT brake selection)
Remedy Check the brake test parameterization (p10202).
Check whether alarm A01785 is active, and if required, evaluate.
Perform a safe acknowledgment.
If required, restart the brake test.

A01783 SBT brake closing time exceeded

Response NONE
Acknowledgment NONE
Explanation The maximum time (11 s) to close the brake during the brake test has
been exceeded.
Alarm value (r2124, interpret binary):
Bit 0 = 1:
Internal brake was not able to be closed.
Bit 1 = 1:
External brake was not able to be closed.
Remedy When using an external brake, check whether the feedback signal
”Brake closed” is correctly interconnected with the control word of the
brake test (p10230.5, p10235.5).
When using an internal brake with external feedback signal, check
whether the feedback signal is correctly interconnected with the
extended brake control.
Perform a safe acknowledgment.
Restart the brake test (p10230.1, p10235.1).

A01784 SBT brake test canceled with error

Response NONE
Acknowledgment NONE
Explanation The safe brake test was canceled as a result of a fault Alarm value
(r2124, interpret binary):
Bit 17 = 1: Error in the brake test sequence (for the cause, see bit
0 ... 10).
Bit 18 = 1: The internal brake is closed. It must be open when testing
the external brake (p10202).

© Siemens AG 2015 All Rights Reserved

10-778 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

Bit 19 = 1: The external brake is closed. It must be open when testing

the internal brake (p10202).
Bit 20 = 1: Not all of the brakes are open (p10202).
Bit 21 = 1: axis position during the brake test invalid as a result of
parking axis.
Bit 22 = 1: Internal software error.
Bit 23 = 1: The permissible position range of the axis when the brake is
closed was violated (p10212/p10222).
Bit 24 = 1: The tested internal brake was opened during the active
brake test.
Bit 25 = 1: The tested external brake was opened during the active
brake test.
Bit 26 = 1: During the active brake test, the test torque as exited its
tolerance bandwidth (20%).
Cause for alarm value bit 17:
Bit 0 = 1: Operation when selecting the brake test not enabled
(r0899.2=0).
Bit 1 = 1: External fault occurred (e.g. the started brake test was
canceled by the user).
Bit 2 = 1: A brake is closed when selecting the brake test.
Bit 3 = 1: A brake is closed when the determining the load torque.
Bit 4 = 1: A fault has occurred with a stop response (e.g. OFF1, OFF2
or OFF3).
Bit 5 = 1: The axis setpoint is speed is too high when selecting the
brake test.
Bit 6 = 1: The actual speed (r0063) of the axis is too high (e.g. the
brake is not holding the axis during the brake test).
Bit 7 = 1: Incorrect speed controller mode (speed control without
encoder or U/f operation).
Bit 8 = 1: Closed--loop control has not been enabled or function
generator is active.
Bit 9 = 1: The closed--loop control does not to switchover to the brake
test mode (e.g. because no PI speed control has been parameterized).
Bit 10 = 1: Torque limit reached (r1407.7, r1408.8).
Remedy Remove the cause of the fault.
Perform a safe acknowledgment.
If required, restart the brake test.
For bit 17 = 1 with bit 6 = 1 or bit 23 = 1:
If the brake closing time for the motor holding brake (p1217) is set to
short, then when the brake test starts, the brake is closed too late. The
brake closing time must be adapted (p1217).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-779
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

A01785 SBT brake test configuration error

Response NONE
Acknowledgment NONE
Explanation Error when parameterizing the brake test.
In this configuration, the brake test cannot be started, or cannot be
started without errors.
Alarm value (r2124, interpret decimal):
1:
No motion monitoring functions have been enabled
2:
Two internal brakes have been configured (p10202).
4:
No brake has been configured (p10202).
8:
The brake test is configured for an internal brake, however the safe
brake control is not enabled (p9602/p9802).
16:
The safe brake test and safety without encoder are simultaneously
enabled (p9306/p9506). This is not permitted.
32:
The safe brake test and vector Uf control are enabled. In this closed--
loop control mode, the safe brake test is not possible.
Remedy Check the brake test parameterization.

F01786 SCC signal source changed

Response NONE
Acknowledgment IMMEDIATELY
Explanation The signal source in p10235 or p10250 were changed.
The new signal source is active immediately.
See also: p10235 (SI Safety Control Channel control word S_STW3B),
p10250 (SI Safety Control Channel control word S_STW1B)
Remedy Acknowledge the fault.

F01787 SBT motor type different

Response OFF2
Acknowledgment IMMEDIATELY
Explanation The motor type set for the safe brake test (p10204) does not match the
motor type set using the function module (r0108.12).
Remedy Adapt the motor type set for the safe brake test.
Note:
All of the parameters for the brake test, whose units depend on the
particular motor type, must be carefully checked.
See also: p10204 (SI Motion SBT motor type), p10209

© Siemens AG 2015 All Rights Reserved

10-780 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

A01796 (F, N) SI Motion CU: Wait for communication

Response NONE
Acknowledgment NONE
Explanation The drive waits for communication to be established in order to execute
the safe functions.
Note:
In this state, STO is active.
Alarm value (r2124, interpret decimal):
1: Wait for communication to be established with SINUMERIK.
Remedy If the message is not automatically withdrawn after a longer period of
time, then depending on the communication, the following checks
should be made:
For communication with SINUMERIK, the following applies:
-- Check and remove any additional messages that are present
regarding PROFIBUS communication.
-- Check the correct assignment of the axes on the higher--level
control to the drives in the drive unit.
-- Check that the safety motion monitoring functions for the corre-
sponding axis on the higher--level control are enabled and if
required, set.
See also: p9601, p9801, p10010
Response for F NONE (OFF1, OFF2, OFF3)
Acknowledgment for F IMMEDIATELY (POWER ON)
Response for N NONE
Acknowledgment for N NONE

C01797 SI Motion P1 (CU): axis not safely referenced

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The stop position saved before powering--down does not coincide with
the actual position that is determined when powering--up.
Message value (r9749, interpret as decimal):
1: Axis not referenced
2: User agreement missing
Remedy If the axis cannot be automatically and safely referenced, then the user
must enter a user agreement for the new position using the appropriate
softkey. This therefore designates this position as being a safety--
related position.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-781
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

C01798 SI Motion P1 (CU): Test stop running

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The test stop is active.
Remedy Not necessary.
The message is withdrawn when the test stop is completed.

C01799 SI Motion P1 (CU): Acceptance test mode active

Response NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The acceptance test mode is active.
The following applies to safety functions with SINUMERIK:
The power on messages of the safe motion monitoring functions can
be acknowledged during the acceptance test using the acknowledg-
ment options of the higher--level control.
Remedy Not necessary.
The message is withdrawn when exiting the acceptance test mode.

List of faults and alarms (Motor Module)

F30600 SI P2: STOP A initiated

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in the drive on monitoring
channel to has detected a fault and initiated a STOP A (STO via the
safety shutdown path of monitoring channel 2).
-- Forced checking procedure of the safety shutdown path of the
monitoring channel unsuccessful.
-- Subsequent response to fault F30611 (defect in a monitoring
channel).
Fault value (r0949, interpret decimal):
0: Stop request from the Control Unit
1005: STO active, although STO not selected and there is no internal STOP
A present.
1010: STO inactive although STO is selected or an internal STOP A is
present.
1011: Internal error for STO deselected in monitoring channel 2.
1020: Internal software error in the ”Internal voltage protection” function.
The ”Internal voltage protection” function is cancelled. A STOP A that
cannot be acknowledged is initiated.
9999: Subsequent response to fault F30611

© Siemens AG 2015 All Rights Reserved

10-782 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

Remedy Select Safe Torque Off and then deselect again.

-- Carry out a POWER ON (power off/on) for all components.
For fault value = 1020:
-- Upgrade the Motor Module/Hydraulic Module software.
-- Replace the Motor Module/Hydraulic Module.
For fault value = 9999:
-- Carry out diagnostics for fault F30611.

F30611 SI P2: Defect in a monitoring channel

Response NONE (OFF1, OFF2, OFF3)
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in processor 2 has detected
a fault in the crosswise data comparison between the two monitoring
channels and has initiated STOP F.
As a result of this fault, after the parameterized transition has expired
(p9858), fault F30600 (SI P2: STOP A initiated) is output.
Fault value (r0949, interpret decimal):
0: Stop request from the Control Unit
1 to 999:
Number of the crosswise compared data that resulted in this fault. This
number is also displayed in r9895.
1: SI monitoring clock cycle (r9780, r9880)
2: SI enable safety functions (p9601, p9801). Only the supported bits are
crosswise compared.
3: SI SGE changeover, tolerance time (p9650, p9850)
4: SI transition time STOP F to STOP A (p9658, p9858)
5: SI enable safe brake control (p9602, p9802)
6: SI Motion, enable safety functions (p9501, internal value).
7: SI delay time of STO for Safe Stop 1 (p9652, p9852).
9: Debounce time for STO/SBC/SS1 (MM) (p9651, p9851)
10: SI delay time to initiate STO for ESR (p9697, p9897)
11: SI Safe Brake Adapter mode, BICO interconnection (p9621, p9821).
1000: Check (watchdog) timer has expired.
Within the time of approx. 5 x p9850 too many signal changes have
occurred at terminal EP of the Motor Module.
1001, Initialization error, change timer/check timer.
1002:
1950: Module temperature outside the permissible temperature range.
1951: Module temperature not plausible.
2000: Status of STO selection in both monitoring channels different.
2001: Feedback signal of STO deactivation in both monitoring channels
different.
2002: Status of the delay timer SS1 in both monitoring channels different
(status of the timer in p9650/p9850).
2003: Status of the STO terminals in both monitoring channels different.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-783
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Remedy Re fault value = 1 to 5 and 7 to 999:

-- Check the crosswise compared data that resulted in a STOP F.
-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the Motor Module software.
-- Upgrade the Control Unit software.
For fault value = 6:
-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the Motor Module software.
-- Upgrade the Control Unit software.
For fault value = 1000:
-- Check the wiring of the safety--related inputs (SGE) on the Control
Unit (contact problems).
For fault value = 1001, 1002:
-- Carry out a POWER ON (power off/on) for all components.
-- Upgrade the Motor Module software.
-- Upgrade the Control Unit software.
Re fault value = 2000, 2001, 2002, 2003:
-- Check the tolerance time SGE changeover and if required, increase
the value (p9650, p9850, p9652/p9852).
-- Check the wiring of the safety--related inputs (SGE) (contact
problems).
-- Check the reason why STO was selected in r9872. For active SMM
functions (p9501 = 1), STO can also be selected as a result of these
functions.
-- Replace the Motor Module involved.
This fault can be acknowledged after resolving the cause of fault and
after selecting/deselecting STO.

N30620 (F, A) SI P2: Safe torque off active

Response NONE
Acknowledgment NONE
Explanation The ”Safe Torque Off” (STO) function of the basis functions has been
selected on monitoring channel 2 via the input terminal and is active.
Note:
This message does not result in a safety stop response.
Remedy Not necessary.
Response for F OFF2
Acknowledgment for F IMMEDIATELY (POWER ON)
Response for A: NONE
Acknowledgment for A NONE

© Siemens AG 2015 All Rights Reserved

10-784 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

N30621 (F, A) SI P2: Safe Stop 1 active

Response NONE
Acknowledgment NONE
Explanation The ”Safe Stop 1” (SS1) function has been selected on monitoring
channel 2 and is active.
Note:
This message does not result in a safety stop response.
Remedy Not necessary.
Response for F OFF2
Acknowledgment for F IMMEDIATELY (POWER ON)
Response for A: NONE
Acknowledgment for A NONE

F30625 SI P2: Sign--of--life error in safety data

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in the drive on monitoring
channel 2 has detected an error in the sign--of--life of the safety data
between the two monitoring channels and initiated a STOP A.
-- There is either a DRIVE--CLiQ communications error or communica-
tions have failed.
-- A time slice overflow of the safety software has occurred.
-- The enable of the safety functions in both monitoring channels is
inconsistent (p9601 = 0, p9801 <> 0).
Fault value (r0949, interpret decimal):
Only for internal Siemens troubleshooting.
Remedy Select Safe Torque Off and then deselect again.
-- Carry out a POWER ON (power off/on) for all components.
-- Check whether there is a DRIVE--CLiQ communications error
between the two monitoring channels, and if required carry out a
diagnostics routine for the faults identified.
-- Deselect all drive functions that are not absolutely necessary.
-- Reduce the number of drives.
-- Check the electrical cabinet design and cable routing for EMC
compliance.
-- Check the enabling of the safety functions for both monitoring
channels and correct if necessary (p9601, p9801).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-785
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

F30630 SI P2: Brake control defective

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in the drive on the Motor
Module (MM) has detected a brake control fault and initiated a STOP
A.
-- The motor cable shield is not correctly connected.
-- Defect in the brake control circuit of the Motor Module.
Fault value (r0949, interpret decimal):
10:
Fault for ”Open brake”
-- Parameter p1278 incorrectly set
-- Brake not connected or interrupted cable (check whether for p1278
= 1 and p9602/p9802 = 0 (SBC switched--out) the brake opens).
-- Ground fault, brake cable
30:
Fault for ”Close brake”
-- Brake not connected or interrupted cable (check whether for p1278
= 1 and p9602/p9802 = 0 (SBC switched--out) the brake opens).
-- Short--circuit in the brake winding
40:
Fault in the ”Brake closed” state
60, 70:
Fault in the brake control of the Control Unit or communication error
between the Control Unit and Motor Module (brake control).
81:
Safe Brake Adapter: Fault for ”Brake closed” operation
82:
Safe Brake Adapter: Fault for ”Open brake”.
83:
Safe Brake Adapter: Fault for ”Close brake”.
84,85:
Safe Brake Adapter:
Fault in the brake control of the Control Unit or communication error
between the Control Unit and Motor Module (brake control).
90:
Brake released for service purposes (X4).
91:
Fault for ”Open brake”.
-- Brake not connected or interrupted cable (check whether for p1278
= 1 and p9602/p9802 = 0 (SBC switched--out) the brake opens).
Remedy Check parameter p1278 (with SBC, only p1278 = 0 is permissible)
-- Select Safe Torque Off and then deselect again.
-- Check the motor holding brake connection.
-- Check the function of the motor holding brake.
-- Check whether there is a DRIVE--CLiQ communications error
between the Control Unit and the Motor Module involved and if
required, carry out a diagnostics routine for the faults identified.

© Siemens AG 2015 All Rights Reserved

10-786 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

-- Check that the control cabinet is EMC--compliant and the cable

routing (e.g. connect the motor cable shield and brake conductors
with the shield connecting plate or screw the motor connector to the
enclosure).
-- Replace the Motor Module involved.
Operation with Safe Brake Module or Safe Brake Adapter:
-- Check the connection of the Safe Brake Module or Safe Brake
Adapter.
-- Replace the Safe Brake Module or Safe Brake Adapter.

A30640 (F) SI P2: Fault in the shutdown path of the second channel
Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The Motor Module has a communication error with the higher--level
control to transfer the safety--relevant information, or there is a commu-
nication error between Motor Modules connected in parallel.
Note:
This fault results in a STOP A that can be acknowledged.
Fault value (r0949, interpret as decimal):
Only for internal Siemens troubleshooting.
Remedy For a higher--level control, the following applies:
-- Check the PROFIsafe address in the higher--level control and Motor
Module and if required, correct
-- Save all parameters (p0977 = 1).
-- Carry out a POWER ON for all components.
In general:
-- Upgrade the Motor Module software.
Response for F NONE (OFF2)
Acknowledgment for F IMMEDIATELY (POWER ON)

F30649 SI P2: Internal software error

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation An internal error in the Safety Integrated software in monitoring channel
2 has occurred.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret as hexadecimal):
Only for internal Siemens troubleshooting.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-787
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

Remedy Carry out a POWER ON (power off/on) for all components.

-- Re--commission the Safety Integrated function and carry out a
POWER ON.
-- Upgrade the Motor Module/Hydraulic Module software.
-- Contact the Hotline.
-- Replace the Motor Module/Hydraulic Module.

F30650 SI P2: Acceptance test required

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function on monitoring channel 2 requires an
acceptance test.
Note:
This fault results in a STOP A that can be acknowledged.
Fault value (r0949, interpret as decimal)
130: Safety parameters for monitoring channel 2 not available.
1000: Reference and actual checksum on monitoring channel 2 are not
identical (boot).
-- As a result of the changed sampling time of the current controller
(p0115[0]) the clock cycle time for Safety Integrated Basic Func-
tions (r9880) was adapted
-- Safety parameters set offline and loaded to the Control Unit.
-- A download was made to SINAMICS whose firmware version of
monitoring channel 2 did not correspond to the latest version
release. The request to switch off the DRIVE--CLiQ component
A1007 was present after the download.
-- At least one checksum--checked piece of data is defective.
2000: Reference and actual checksum on monitoring channel 2 not
identical (commissioning mode).
-- Reference checksum incorrectly entered for monitoring channel 2
(p9899 not equal to r9898).
2003: Acceptance test is required as a safety parameter has been
changed.
2005: The safety logbook has identified that safety checksums have been
changed. An acceptance test is required.
3003: An acceptance test is required, as one of the safety parameters
referred to the hardware has been changed.
9999: Subsequent response of another safety fault that occurred when
powering up, which requires an acceptance test.

Remedy For fault value = 130:

-- Carry out safety commissioning routine.
For fault value = 1000:
-- Check the cycle time for the Safety Integrated basic functions
(r9880) and adapt the set checksum (p9899).
-- Repeat safety commissioning.
-- Switch off the drive device and DRIVE--CLiQ components and then
switch on again. If A30650 remains active, then download again.
-- Replace the memory card or the Control Unit.

© Siemens AG 2015 All Rights Reserved

10-788 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

For fault value = 2000:

-- Check the safety parameters in the monitoring channel 2 and adapt
the reference checksum (p9899).
For fault value = 2003, 2005:
-- Carry out acceptance test and create test certificate.
The procedure when carrying out the acceptance test as well as an
example for the acceptance report can be found in the following
reference:
SINAMICS S120 Safety Integrated Function Manual
For fault value = 9999:
-- Carry out diagnostics for the other safety--related fault that is
present.
See also: p9799 (SI reference checksum SI parameters (Control Unit)),
p9899 (SI reference checksum, SI parameters (Motor Module)).

F30651 SI P2: Synchronization with the Control Unit unsuccessful

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The ”Safety Integrated” function integrated in the drive requires that the
safety time slices are synchronized in both monitoring channels. This
synchronization routine was not successful.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
Only for internal Siemens troubleshooting.
Remedy Carry out a POWER ON (power off/on) for all components
-- Upgrade the Motor Module/Hydraulic Module software.
-- Upgrade the Control Unit software.

F30652 SI P2: Monitoring clock cycle not permissible

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The Safety Integrated monitoring clock cycle cannot be maintained due
to the communication conditions requested in the system.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
Only for internal Siemens troubleshooting.
Remedy When fault F01652 simultaneously occurs, apply the remedy/counter-
measure described there.
-- Upgrade the firmware of the Motor Module/Hydraulic Module to a
later version.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-789
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

F30655 SI P2: Aligning the monitoring functions

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation An error has occurred when aligning the Safety Integrated monitoring
functions for the two monitoring channels. A common set of supported
SI monitoring functions was not able to be determined.
-- DRIVE--CLiQ communications has an error or failed.
-- Safety Integrated software releases on the Control Unit and the
Motor Module/Hydraulic Module are not compatible with one
another.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret as hexadecimal):
Only for internal Siemens troubleshooting.
Remedy Carry out a POWER ON (power off/on) for all components
-- Upgrade the Motor Module/Hydraulic Module software.
-- Upgrade the Control Unit software.
-- Check the electrical cabinet design and cable routing for EMC
compliance.

F30656 SI P2: Incorrect Motor Module parameter

Response OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation When accessing the Safety Integrated parameters for monitoring
channel 2 in the non--volatile memory, an error has occurred.
Note:
This fault results in a STOP A that can be acknowledged.
Fault value (r0949, interpret decimal):
129: Safety parameters for monitoring channel 2 corrupted.
Drive with enabled safety functions possibly copied offline using the
commissioning software and the project downloaded.
131: Internal software error on the Control Unit.
255: Internal Motor Module/Hydraulic Module software error.

Remedy Recommission the safety functions.

-- Upgrade the Control Unit software.
-- Upgrade the Motor Module/Hydraulic Module software.
-- Replace the memory card or the Control Unit.
For fault value = 129:
-- Activate the safety commissioning mode (p0010 = 95).
-- Adapt the PROFIsafe address (p9610).
-- Start the copy function for SI parameters (p9700 = D0 hex).
-- Acknowledge data change (p9701 = DC hex).
-- Exit the safety commissioning mode (p0010 = 0).
-- Save all parameters (p0977 = 1 or ”Copy RAM to ROM”).
-- Carry out a POWER ON (power off/on) for all components.

© Siemens AG 2015 All Rights Reserved

10-790 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

F30659 SI P2: Write task for parameter rejected

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The write task for one or several Safety Integrated parameters on
monitoring channel 2 was rejected.
Note:
This fault does not result in a safety stop response.
Fault value (r0949, interpret decimal):
10: An attempt was made to enable the STO function although this cannot
be supported.
11: An attempt was made to enable the SBC function although this cannot
be supported.
13: An attempt was made to enable the SS1 function although this cannot
be supported.
14: An attempt was made to enable the safe motion monitoring with the
higher--level control although this cannot be supported.
15: An attempt was made to enable the motion monitoring functions
integrated in the drive although these cannot be supported.
16: An attempt was made to enable PROFIsafe communication, although
this cannot be supported or the version of the PROFIsafe driver is
different in both monitoring channels.
19: An attempt was made to enable the pulse suppression delay for ESR,
although this cannot be supported.

See also: r9771 (SI common functions (Control Unit)), r9871

(SI common functions (Motor Module))
Remedy Re fault value = 10, 11, 13, 14, 15, 16, 19:
-- Check whether there are faults in the safety function alignment
between the two monitoring channels (F01655, F30655) and if
required, carry out diagnostics for the faults involved.
-- Use a Motor Module that supports the required function.
-- Upgrade the Motor Module software.
-- Upgrade the Control Unit software.

F30672 SI P2: Control Unit software incompatible

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The existing Control Unit software does not support the safe drive--
integrated motion monitoring function.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
Only for internal Siemens troubleshooting.
Remedy Check whether there are faults in the safety function alignment
between the two monitoring channels (F01655, F30655) and if
required, carry out diagnostics for the faults involved.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-791
Diagnostics 10/15
10.3 Safety messages for SINAMICS S120

-- Use a Control Unit that supports the safety--related motion

monitoring functions.
-- Upgrade the Control Unit software.

F30680 SI Motion P2: Checksum error safe monitoring functions

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The actual checksum calculated by the Motor Module/Hydraulic Module
and entered into r9398 over the safety--related parameters does not
match the reference checksum in p9399 saved when the machine was
accepted the last time.
The safety--related parameters have been changed or there is an error.
Note:
This fault results in a STOP A that cannot be acknowledged.
Fault value (r0949, interpret decimal):
0: Checksum error for SI parameters for motion monitoring.
1: Checksum error for SI parameters for component assignment.
Remedy Check the safety--related parameters and if required correct.
-- Set the reference checksum to the actual checksum.
-- Execute the ”Copy RAM to ROM” function.
-- Perform a POWER ON if safety parameters have been changed
that require a POWER ON.
-- Carry out an acceptance test.

C30681 SI Motion P2: Incorrect parameter value

Response for A: NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The parameter cannot be parameterized with this value.
Note:
This message does not result in a safety stop response.
Fault value (r0949, interpret decimal):
Parameter number with the incorrect value.
Remedy Correct the parameter value (if necessary, also on the CU side, p9601).
For more detailed information, see the SINAMICS S120/S150 List
Manual

© Siemens AG 2015 All Rights Reserved

10-792 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.3Safety messages for SINAMICS S120

C30682 SI Motion P2: Monitoring function not supported

Response for A: OFF2
Acknowledgment IMMEDIATELY (POWER ON)
Explanation The monitoring function enabled in p9301, p9501, p9601 or p9801 is
not supported in this firmware version.
Note:
This message does not result in a safety stop response.
Fault value (r0949, interpret decimal):
9: Monitoring function not supported by the firmware or enable bit not
used.
12: This Control Unit does not support the operation of safe functions
with a higher--level control (e.g. SINUMERIK).
30: The firmware version of the Motor Module is older than the version
of the Control Unit.
Remedy Deselect monitoring function involved (p9301, p9301, p9303, p9601,
p9801).
-- Upgrade the Motor Module firmware.

C30706 SI Motion P2: SAM/SBR limit exceeded

Response for A: NONE
Acknowledgment IMMEDIATELY (POWER ON)
Explanation After the initiation of STOP B (SS1) or STOP C (SS2), the speed
exceeded the selected tolerance value.
The drive is stopped with message C30700 ”SI Motion P2: STOP A
initiated”.
Remedy Check the braking behavior and if required, adapt the parameterization
of the ”SAM” or ”SBR” function.
This message can only be acknowledged in the acceptance test mode
without POWER ON via PROFIsafe.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-793
Diagnostics 10/15
10.4 Safety PLC alarms

10.4 Safety PLC alarms

400253 PLC--STOP due to SPL system error

Explanation After an interruption in the communications between NCK and PLC
regarding the SPL--CDC, the PLC was switched into the STOP state
with a delay of 5 s.
Response Alarm display
Remedy Do not start the SPL anymore. Check the system components (PLC
must have the correct version of FB15 and have DB18).
Program
r Remove the fault. Switch--off – switch--on the control
continuation

400254 Checksum error occurred: %1 parameter: %1 = reference to the

code section or table
Explanation Checksum error in safety--related code or safety--related data. The
safety monitoring functions (Safety Integrated) in the PLC could be
corrupted.
Response Alarm display
Remedy Switch--off/switch on the control (power on) If this fault occurs again,
contact the service department. In addition perform a general reset for
NC, PLC and reload the archive.
r
Program Switch--off – switch--on the control
continuation

400551 Error on the MPI/DP bus

Explanation Error on the I/O bus detected
Response Alarm display
Remedy Check the I/O, resolve I/O errors
Program
r Internal
continuation

400552 Error on the DP bus

Explanation Error on the I/O bus detected
Response Alarm display
Remedy Check the I/O, resolve I/O errors
rProgram Internal
continuation

© Siemens AG 2015 All Rights Reserved

10-794 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.4 Safety PLC alarms

411101 FB11, illegal axis number

Explanation Parameter axis not in the permissible range
Response Alarm display
PLC STOP
Remedy PLC general reset, use the basic program with the correct version.
rProgram Remove the fault. Switch--off – switch--on the control
continuation

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-795
Diagnostics 10/15
10.5 Reducing the number of alarms

10.5 Reducing the number of alarms

In some cases, alarms having the same significance are initiated by the NCK, PLC
and SINAMICS S120 monitoring channels. In order to make the alarm screen
more transparent, the alarms that were initiated sometime later -- but have the
same significance -- are suppressed or even an alarm that occurred earlier is
cleared again if it apparently involves a subsequent (follow--on) fault/error.
Alarm suppression and alarm priority are not involved when it comes to initiating a
stop through two channels. This functionality is implemented independently of the
alarm being initiated and is still maintained.

10.5.1 Alarm suppression

When the alarm suppression function is active, the alarm of the monitoring channel
is displayed that first detected the fault/error that initiated the alarm.
This only applies to some of the alarms. Alarms whose information content differs
depending on the monitoring channels are still separately displayed.
All of the NCK and SINAMICS S120 safety alarms, which can be suppressed with
the appropriate parameterization of $MN_SAFE_ALARM_SUPPRESS_LEVEL,
are shown in the following table.

Table 10-5 Comparison of the NCK and SINAMICS S120 safety alarms

NCK alarm SINAMICS Alarm suppression using the following values in

number S120 alarm $MN_SAFE_ALARM_SUPPRESS_LEVEL,
number several values are alternatively possible.
27000 C01797 3, 13, replaced by Alarm 27100
27010 C01707 1, 2, 3, 12, 13
27011 C01714 1, 2, 3, 12, 13
27012 C01715 1, 2, 3, 12, 13
27013 C01706 1, 2, 3, 12, 13
27020 C01710 1, 2, 3, 12, 13
27021 C01709 1, 2, 3, 12, 13
27022 C01708 1, 2, 3, 12, 13
27023 C01701 1, 2, 3, 12, 13
27024 C01700 1, 2, 3, 12, 13

All of the NCK alarms are listed in the following table which can be prevented from
being initiated twice due to a PLC request.

© Siemens AG 2015 All Rights Reserved

10-796 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.5Reducing the number of alarms

Table 10-6 NCK alarms initiated twice

NCK alarm Alarm suppression using the following values in

number $MN_SAFE_ALARM_SUPPRESS_LEVEL,
several values are alternatively possible.
27090 2, 3, 12, 13
27091 2, 3, 12, 13
27092 2, 3, 12, 13
27095 2, 3, 12, 13
27250 2, 3, 12, 13
27251 2, 3, 12, 13
27252 2, 3, 12, 13
27253 2, 3, 12, 13
27254 2, 3, 12, 13
27255 2, 3, 12, 13
27256 2, 3, 12, 13

Activation
The alarm is suppressed using MD10094 $MN_SAFE_ALARM_SUPPRESS_LE-
VEL. When standard data is loaded, the function is already active. This means that
a reduced number/scope of alarms is displayed. Alarms 27000 and C01797 can be
replaced via MD10094 with Alarm 27100.
MD$MN_SAFE_ALARM_SUPPRESS_LEVEL can also be used to set that Alarm
27040 is replaced by the group alarm 27140 ”Waiting for motor module of at least
one axis”.

SPL commissioning mode

The following alarm reductions are made in the commissioning phase:
The axis--specific acceptance test alarm 27032 ”Achse %1 checksum error safe
monitoring functions. Confirmation and acceptance test required!”, 27035 ”Axis %1
new hardware component, confirmation and functional test required” and 27060
”Axis %1 Drive assignment checksum error, confirmation and acceptance test
required!” are replaced by the axis--specific group alarm 27132 ”Axis %1 checksum
group error safe monitoring functions. Confirmation and acceptance test are
required!”
An additional alarm reduction can be set using MD $MN_SAFE_ALARM_SUP-
PRESS_LEVEL (100’s position set). As a result, the axis--specific acceptance test
alarms are replaced by the global acceptance test group alarm 27135 ”Axis %1
checksum group error, safety--related monitoring functions on at least one axis.
Confirmation and acceptance test are required!”

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-797
Diagnostics 10/15
10.5 Reducing the number of alarms

Note
The alarm reduction is only made in the SPL commissioning mode (MD
$MN_PREVENT_SYNACT_LOCK[0,1] = 0). Outside this mode, when changing
the parameter assignment, the corresponding individual axis--specific alarms
27032, 27035 and 27060 are always output.
Acceptance test alarms of the drive are not included in the alarm reduction. The
reason for this is that a parameterization change, which results in acceptance test
alarms, can be performed independently of one another in the two monitoring
channels.
It does not make sense to reduce the global acceptance test alarms
(27070--27073). The reason for this is that these alarms, which refer to a
checksum error in the SPL parameterization, PROFIsafe configuration or I/O
coupling (peripherals), is only output if the axis--specific monitoring functions have
been enabled.

Boundary condition
The MD is not incorporated in the axis--specific safety MD checksum. This means
that the function can be enabled/disabled at any time by changing the MD. In the
acceptance test, the alarm suppression should be internally deactivated so that the
two--channel fault/error detection can be checked. It can then be subsequently
activated in order to reduce the number of alarms that end users have to cope
with.

10.5.2 Assigning priorities to alarms

Especially for machines with an extremely high number of axes, the previously
described alarm suppression function is not adequate in order to obtain a display of
the real fault/error codes.
Just one single defective input signal can cause alarm 27001 (or 27101 to 27107)
to occur for many axes if this input signal has been configured as SGE on several
axes. The cause of the fault/error can be hidden as a result of the large alarm list.
This is the reason that priorities are assigned to Alarms 27090, 27004, 27001 and
27101 to 27107. For these alarms
S a subsequent (follow--on) alarm that occurs afterwards is no longer displayed.
This alarm is also not visible in the alarm log.
S a subsequent (follow--on) alarm that already occurred beforehand is cleared
again. This alarm is then visible in the alarm log.
Assigning priorities to Alarm 27090 only becomes effective if it occurs due to differ-
ences in the $A_INSE system variables. Only then will this alarm be initiated as a
result of different input signals. For Alarms 27004, 27001 and 27101 to 27107, no
additional condition is required, as

© Siemens AG 2015 All Rights Reserved

10-798 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Diagnostics
10.5Reducing the number of alarms

S Alarms 27001 and 27101 to 27107 cannot occur if a STOP B or a STOP A is

already active. When the SI functionality is active, STOP B and STOP A always
occur as subsequent error and do not provide the user with any additional infor-
mation about the cause of the fault or error.
S Alarm 27004 only occurs if differences are determined in the input signals.

Subsequent alarm for Alarm 27090

If Alarm 27090 is output, the following alarms are no longer displayed:
S 27001 defect in a monitoring channel
S 27004 difference, safety inputs
S 27020 STOP E initiated
S 27021 STOP D initiated
S 27022 STOP C initiated
S 27023 STOP B initiated
S 27024 STOP A initiated
S 27091 error for crosswise data comparison, NCK--PLC
S 27101 difference for the function, safe operating stop
S 27102 difference for the function, safely reduced speed
S 27103 difference for the function, safe end position
S 27104 difference for the function, safe cam plus
S 27105 difference for the function, safe cam minus
S 27106 difference for the function safely reduced speed nx
S 27107 difference for the function, cam modulo monitoring

Subsequent alarm for Alarm 27004

S 27001 defect in a monitoring channel
S 27023 STOP B initiated
S 27024 STOP A initiated
S 27101 difference for the function, safe operating stop
S 27102 difference for the function, safely reduced speed
S 27103 difference for the function, safe end position
S 27104 difference for the function, safe cam plus
S 27105 difference for the function, safe cam minus
S 27106 difference for the function safely reduced speed nx
S 27107 difference for the function, cam modulo monitoring

Subsequent alarms for Alarms 27001 and 27101 to 27107

S 27023 STOP B initiated
S 27024 STOP A initiated

Activation
Priorities are assigned to alarms by appropriately parameterizing MD10094
$MN_SAFE_ALARM_SUPPRESS_LEVEL. When this MD is set to either 12 or 13,
in addition to the alarm suppression, set with values 2 and 3, the function that
assigns priorities to alarms is also activated.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 10-799
Diagnostics 10/15
10.5 Reducing the number of alarms

Alarm 27124
By assigning priorities to alarms, alarms with the power on clear criterion are also
cleared or no longer displayed. In spite of this, the system is in a state in which a
power on is required. If alarm 27024 ”STOP A initiated” has occurred, but is no
longer displayed, then at least group alarm 27124 ”STOP A for at least 1 axis” is
displayed.

© Siemens AG 2015 All Rights Reserved

10-800 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Interaction with other functions 11
11.1 Limiting the speed setpoint
The setpoint speed is parameterized as a function of the active safety monitoring
in MD36933 $MA_SAFE_DES_VELO_LIMIT. This machine data is not incorpora-
ted in the axis--specific checksum MD36998 $MA_SAFE_ACT_CHECKSUM, so
that changes can be made to the MD for the acceptance test without having to
again change the checksum.
If the spindle speed is limited by the SG--specific setpoint limiting, then this is
displayed using the axis--specific status signal DB3x.DBX83.1.
MD = 0%:
Setpoint limiting not active
MD > 0%:
Setpoint limiting = active SG limit multiplied by the MD value
For SBH, setpoint limit = 0
MD = 100%:
Setpoint limit = active SG limit
For SBH, setpoint limit = 0
S The function is effective in one channel in the NCK interpolator. The safety
monitoring channel provides a limit value that corresponds to the selected
safety monitoring type.
S This function influences both axes and spindles.
S The active setpoint limit can be viewed in the safety service screen:
Display value = --1. corresponds to ”setpoint limiting not active”
Display value >= 0. corresponds to ”setpoint limiting active”
S The setpoint limit is changed--over when the SGE is changed--over:
SGE ”SBH/SG deselection”
SGE ”SBH deselection”
SGE ”active SG stage, bits 0,1”
SGE ”SG override, bits 0, 1, 2, 3”
Further, internal changeover operations in SBH have an effect as a result of a
stop response (STOP D, C, E).

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 11-801
Interaction with other functions 10/15
11.2 Setpoint exchange

-- Using axis--specific signals DB3x.DBX34.0 ... 1, the user can select a value
from the MD field 36933 $MA_SAFE_DES_VELO_LIMIT[0..3]. This means
that independent of the active SG stage, one of four parameterized setpoint
speed limits can be activated. If the PLC user program does not provide an
input value, then the value in MD$MA_SAFE_DES_VELO_LIMIT[0] applies
S For the changeover via SGEs, the states from both monitoring channels are
taken into consideration to take into account differences in the times. This
results in the following rules:
1. Changing--over from non--safe operation in SG/SBH
There is no delay (VELO_SWITCH_DELAY), so that this changeover must
always be performed at zero speed or below the enabled SG limit.
2. Changing--over from SGx to SGy
A) SGx > SGy (braking): A lower setpoint is entered as soon as changeover
is detected in one of the two channels.
B) SGx < SGy (accelerating): A higher setpoint is only entered if both
channels have changed--over.
3. Changing--over from SG to SBH (braking)
A lower setpoint (= 0) is entered as soon as the changeover has been
detected in one of the two channels.
4. Changing--over from SBH to SG (accelerating)
A higher setpoint is only entered if both channels have changed--over.
5. Changing--over from SBH/SG into non--safe operation (accelerating)
A higher setpoint is only entered if both channels have changed--over.
S Effect of the function in the NCK interpolator:
-- Setpoint limiting is active in both the AUTO as well as in the JOG modes.
-- When changing--over while moving to higher safely reduced speeds, the
position control loop should be set so that it does not overshoot. This means
that a sudden setpoint limit change does not cause the monitoring to
respond on the actual value side.
-- When transformation is active, safety setpoint limits, effective in the interpo-
lator on an axis--for--axis basis are reduced by the transformation itself
depending on the actual position.

Note
There are no restrictions for motion from synchronous actions.

11.2 Setpoint exchange

The ”setpoint changeover” function allows several axes to use a common drive. To
define the axes that should participate in a setpoint switchover, the same setpoint
channel of the drive is assigned a multiple number of times. To do this, MD30110
$MA_CTRLOUT_MODULE_NR must be preassigned the logical number of the
drive for each axis.

© Siemens AG 2015 All Rights Reserved

11-802 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Interaction with other functions
11.2 Setpoint exchange

Setpoint changeover and Safety Integrated

In conjunction with the setpoint changeover, the SI functionality is only supported
with a restricted scope. At each setpoint changeover, the absolute position refer-
ence is lost. This means that only SI functions can be sensibly and practically used
that do not require absolute position information. These functions include SBH, SH,
SG, SBR, Stops and SPL.

Note
SE and SN are not supported.

The SI monitoring functions are only calculated in the axis configured for this -- not
taking into account existing drive checking functions. This means that only this SI
machine axis detects SI fault/error states. The associated alarm responses are
automatically effective for all of the axes involved in the setpoint changeover.
MD36901 SAFE_FUNCTION_ENABLE may only be activated in the last machine
axis configured for the setpoint changeover. This fixed assignment is kept over all
setpoint changeover operations.
In conjunction with Safety Integrated, all of the axes, involved in the setpoint
changeover, must be configured in the same channel.
If the SI monitoring is also to be effective when traversing/moving non--SI axes,
then it is not permissible that the SI axis is parked during this time.
An axis with the existing drive checking function DB3x.DBX96.5=1 must be parked
at the same time as an SI axis. This means that the axis SI monitoring functions
are de--activated synchronously in the drive and in the SI axis. Parking the axis --
must always be selected for both axes.
The ”parking” operating state can only be exited using the axis with the drive
checking function.
As a result of the mechanical changeover, the motor encoder (G1) – monitored
using SI – is moved from several axes one after the other. In order to be able to
determine the correct speed on the load side, the existing gearbox ratios of the
axes involved must be sensibly emulated (mapped) in the 8 elements of MD36921,
36922 of the SI axis and the drive p9521, p9522.
In order that the correct gearbox ratio factor becomes effective in the SI monitoring
function, the PLC must select the associated SI gearbox ratio and change over the
setpoint at the same time.
The SGEs to change over the gearbox stage must be safety--related and therefore
be able to be controlled through 2 channels. Channel 1 should evaluate the feed-
back signals from the gearboxes, channel 2 should evaluate the feedback from the
setpoint changeover DB3x.DBX96.5 ”Check of drive accepted”. It is not permis-
sible to use a 1--channel signal source to control the SGEs.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 11-803
Interaction with other functions 10/15
11.2 Setpoint exchange

2--encoder system
If the SI axis has two encoders, when changing over to the non--SI axes, it is not
permissible that the second safety encoder is de--coupled. Both SI encoders must
be continuously used. The gearbox ratio between the SI axis and the non--SI axes
must be taken into account when configuring the SI gearbox ratios.

STOPS
The setting MD36964 SAFE_IPO_STOP_GROUP <> 0 is not permissible for the
SI axis, as this causes the interpolating relationships to be cancelled.

Brake test
The brake test can only be carried--out in the SI axis. The SI axis must have the
drive checking function for the brake test.

Acceptance test
The acceptance test for non--SI axes must be manually carried--out and logged.
The acceptance test does not provide any support.

© Siemens AG 2015 All Rights Reserved

11-804 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Interaction with other functions
11.3 Measuring system changeover

11.3 Measuring system changeover

When measuring systems are changed--over (selected) via interface signals
”Position measuring system 1” (DB 31..., DBX1.5)
”Position measuring system 2” (DB 31..., DBX1.6) the following applies:
The encoder used by the position controller is changed--over.

Note
SI continues to work with the configured encoder.

11.4 Gantry axes

Stop responses Stop A, B, C for gantry axes are initiated as fast as possible for all
of the axes in the group. However, if unacceptable offsets result because of the
differing braking behavior of the axes, then stop response Stop D should be con-
figured.

11.5 Parking axis

When the park state is activated (using the interface signal ”parking”), then the
system automatically cancels the pulses using an external STOP A. After the park
state has been removed, the external STOP A is automatically deactivated again.

Warning
! When the ”parking” function is selected, actual value acquisition and the position
measuring system monitoring are deactivated for an axis/spindle. The NCK actual
value is frozen and mechanical actual value changes are no longer detected. This
also applies to the actual value acquisition of the two safety monitoring channels
NCK and SINAMICS S120. This means that all of the actual value related safety
motion monitoring functions (SBH, SG, n<nx, SBR, SE, SN) are ineffective.

The user can align the actual value acquisition of the safety monitoring channels
after re--selecting parking by again referencing/synchronizing to the machine posi-
tion.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 11-805
Interaction with other functions 10/15
11.6 Incremental encoder functionality

Parking an axis with absolute reference (SE/SN)

As a result of the fact that the actual value sensing of the two safety monitoring
channels NCK and SINAMICS S120 has been disabled, then the absolute refer-
ence of the axis is no longer detected in a safety--related fashion. The safety moni-
toring channels then respond as follows:
-- Alarms 27000/C01797 are displayed ”Axis no longer safely referenced”
-- SGA ”Axis safely referenced” cancelled on NCK and drive side
These alarms are only displayed for axes for which safety monitoring functions with
absolute reference are activated, i.e. for SE and SN. Alarms are not displayed for
axes that do not have these monitoring functions.
Machine data 36965 $MA_SAFE_PARK_ALARM_SUPPRESS can be used to
suppress Alarms 27000/C01797 until parking has been withdrawn.

Note
If ”parking axis” was not requested, however ”parking active” is signaled from the
drive or encoder, then Alarm 27001 is output with fine code 1025.

Note
When a drive object that has Safety Integrated functions released is switched to
”Parking” state, the Safety Integrated software responds by activating STO without
generating a separate message.

11.6 Incremental encoder functionality

The function ”Save actual value with incremental encoder” is enabled in MD
$MA_ENC_REFP_STATE for the parameterizable incremental encoder, and a
monitoring function with absolute reference (SE/SN) is enabled in MD
$MA_SAFE_FUNCTION_ENABLE. This combination of functions is not permitted.

© Siemens AG 2015 All Rights Reserved

11-806 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Interaction with other functions
11.7 OEM applications

11.7 OEM applications

Information for HMI--OEM users

If SINUMERIK Safety Integrated) (SI) and OEM applications (for HMI) are used at
the same time, the following points must be observed.

Warning
! 1. The PLC interface signals (DB31, ...) with safety--related drive inputs and
outputs may not be written into using the variable service (utility) of the
NCDDE/CAP server.
2. Write machine data using variable service
An acceptance test must be carried if the SI machine data were changed using
the variable service of the NCDDE/CAP server.
3. Changing alarm priorities
The alarm priorities selected for SI must be retained.
4. Changing alarm tests
The alarm texts of the SI alarms can be modified: This must be clearly
documented for the user.
5. Carry out ”acceptance test” message box
The ”carry out acceptance test” may not be modified!
6. User agreement
Functions relating to the user agreement (e.g. call, protective mechanism) may
not be altered.

Information for NCK--OEM users

SINUMERIK Safety Integrated can also be used for NCK--OEM applications.

Note
System memory change
System memory changes caused by the OEM application result in Alarm 27003
”Checksum error occurred”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 11-807
Interaction with other functions 10/15
11.8 NCU link

11.8 NCU link

An NCU link involves a group of several NCUs to control a machine. In this case,
the interpolation function of the various SERVO axes is distributed across the
various NCUs.
The following definitions have been made when operating systems such as these
with safety functionality:
S An SPL must be used on each NCU.
S An SPL is used to evaluate the local PROFIsafe I/O and the control of the local
SERVO axes. The monitoring behavior of SERVO axes of other NCUs is
controlled by the SPL of the corresponding NCU.
S Safety--related statuses are exchanged between various SPLs via the safety--
related communication F_SENDDP/F_RECVDP.
S Errors in the SPL context (SPL CDC) or F communication context (PROFIsafe,
F_SENDDP/F_RECVDP) only act on the local SERVO axes.
S Errors from motion monitoring functions with stop responses on the IPO act on
the axes of the channel of the axis, which initiated this response. These
responses can also affect other NCUs.

11.9 Behavior of the Sim--NCK systems

For simulation systems, a distinction is made in systems, which can be used to
verify
S that a part program can be executed
S the ability of the control to function -- including the I/O circuitry

Simulation to check that the part program can be executed

It is not expected that the safety functionality is effective for these systems (Linux--
based, Windows--based with PLC simulation). The machine data, with which safety
functionality can be activated, are therefore write protected.
The following machine data are write protected:
S $MN_PROFISAFE_MASTER_ADDRESS
Enable PROFIsafe master functionality
S $MN_PROFISAFE_IN_ADDRESS
Enable PROFIsafe input modules
S $MN_PROFISAFE_OUT_ADDRESS
Enable PROFIsafe output modules
S $MN_PROFISAFE_IN_ENABLE_MASK
Enable PROFIsafe input modules

© Siemens AG 2015 All Rights Reserved

11-808 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Interaction with other functions
11.9 Behavior of the Sim--NCK systems

S $MN_PROFISAFE_OUT_ENABLE_MASK
Enable PROFIsafe output modules
S $MN_SAFE_SDP_ENABLE_MASK
Enable F_SENDDP connections
S $MN_SAFE_RDP_ENABLE_MASK
Enable F_RECVDP connections
S $MA_SAFE_FUNCTION_ENABLE
Enabling axis--specific SI functions
This means that the safety functionality in these systems is not activated and they
behave neutrally.
Correct operation of the general NC functionality is guaranteed (start and protec-
tion of the SPL program does not have a disturbing effect). However, the safety
functionality implemented in the application (i.e. not within the context of the simu-
lation) is not corrected. Influencing the part program sequence by querying safety
system variables or querying the above--mentioned enable machine data is not
changed.

Simulation, machine integration

For these systems (Windows--based with simulated PLC), the complete safety
functionality (axis motion monitoring), PROFIsafe and F_SENDDP/F_RECVDP
coupling should function just the same as in a real system.
The safety functionality can be parameterized and programmed just the same as in
a real control system. The communication mechanisms on the PLC side ensure
that the PROFIsafe and F_SENDDP/F_RECVDP protocols are maintained. Exter-
nal software components can read--in or read--out net data in/out of the PROFIsafe
module adapter.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 11-809
Interaction with other functions 10/15
11.10Behavior of Safety Integrated when the communication fails

11.10 Behavior of Safety Integrated when the communication

fails
When the communication required for the SI fails between the drive and the NCK,
then both channels cancel the pulses. Under certain circumstances, this can be
delayed to enable retraction motion.

11.10.1 Delayed pulse cancellation in the event of communication

failure

Responses integrated in the drive can also be configured using the function
”extended stop and retract” (ESR). In this case, for each axis it is defined whether:
S the axis should continue to operate with a constant speed setpoint for a para-
meterized time and only then should braking be initiated (stop)
S the axis should continue to operate with a parameterized velocity for a para-
meterized time and then be braked along the current limit (retract)
The ESR integrated in the drive is configured for fault/error situations where the
NC can no longer enter a setpoint at the drive.
Even when communication fails with the SI functionality active, ESR integrated in
the drive is possible to protect machine. For this purpose, in the NCK monitoring
channel and in the drive monitoring channel, after a communication failure has
been identified, pulse cancellation is delayed in order to permit retraction motion.
The selected axis--specific SI functionality (SG, SE, SBH) at the instant that the
communication fails, is still available through one channel in the drive monitoring
channel. For the NCK monitoring channel, due to the missing actual value, moni-
toring is no longer possible.
The PLC--SPL remains functional in so much that the drive monitoring channel is
not required. (transport of the drive SGE is interrupted.) However, from the PLC--
SPL it is not possible to select another monitoring function or immediately cancel
the pulses via an external Stop A.
Also the NCK--SPL remains functional, since it receives its input variables
($A_INSE) via PROFIsafe I/O. The selection of another axis--specific monitoring
function (e.g. SE level switchover) remains, however, ineffective, since the axis--
specific NCK monitoring functions have been deactivated.
Activation
The delay time up to pulse cancellation must be set in MD10089
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL and in the corresponding drive para-
meterization p9580 SI Motion, pulse cancellation delay time after bus failure (CU)
must be parameterized for values greater than 0. With the default value 0, this
function is deactivated; in the case of a communication failure between the NCK
and drive, the pulses are immediately canceled.

© Siemens AG 2015 All Rights Reserved

11-810 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Interaction with other functions
11.10
Behavior of Safety Integrated when the communication fails

Note
When MD10089 is changed, for the drive--independent ESR function, the value
must also be transferred to the drives. This is realized using the ”Copy SI Data”
function. The ”Confirm SI data” softkey is used to confirm the checksums (this is
also necessary). Further, the user must also enter the values into drive parameters
p9697 and p9897. Before this,”Activate drive commissioning” softkey must be
pressed. After changing the data, by pressing the ”Deactivate drive
commissioning” softkey, the checksums are automatically acknowledged and
saved by ”Save”.

After communication to the drive monitoring channel has failed, the delay timer to
cancel the pulses is started if
S a pulse cancellation delay has been parameterized using
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL
S an SG stage with machine protection is active
MD36963 $MA_SAFE_VELO_STOP_REACTION (for the individual SG stages)
or MD36961 $MA_SAFE_VELO_STOP_MODE (for all SG stages together)
and the corresponding drive parameter assignment (p9563, p9561).
The criterion for a communication failure to the drive is when the sign--of--life
between the NCK and drive monitoring channel fails twice. This leads to Alarm
27050 ”Axis %1 failure SI communication”.
Behavior of the axis--specific NCK monitoring channel
If a pulse suppression delay is parameterized using
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL, after a communication failure, the
SGA of all axis--specific SI monitoring channels are first left in their old state. All
SGAs are deleted after this delay time has expired. The axis--specific monitoring
functions are no longer processed immediately after communication fails as the
basis for the monitoring functions, the safe actual value, is no longer available.
In the following cases, in the event of a communication failure, the axis--specific
NCK--SGA are immediately deleted, even if a delay time is parameterized in
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL:
-- a) an external STOP A is selected
-- b) a test stop is selected
-- c) the function SBH is or will be selected
-- d) An SG stage is selected or will be selected, where it was previously ex-
plicitly specified that in this SG stage no ESR should be performed in the
event of a communication failure (e.g. SG stage for personnel protection),
(see $MA_SAFE_VELO_STOP_REACTION or
$MA_SAFE_VELO_STOP_MODE).
Since the NCK monitoring channel is assigned to the shutdown path of the Motor
Module, the Motor Module must also know whether, in the event of communication
failure, the pulses should be canceled with a delay. The NCK cyclically provides
the Motor Module with this information. If the Motor Module detects a communica-
tion failure, dependent on the latest information of the NCK, it starts its delay timer
with the parameterized time from p9897 and then independently deletes the
pulses.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 11-811
Interaction with other functions 10/15
11.10Behavior of Safety Integrated when the communication fails

Behavior of the drive monitoring channel

The drive monitoring channel, just like the NCK monitoring channel, delays its
pulse cancellation by the parameterized time. However, in addition it also keeps
the monitoring functions active, which were active at the time of the failure. The
drive can continue to monitor as it still has the correct actual value.
In the following cases, communication failure immediately triggers pulse cancella-
tion, even if a delay time has been configured:
S The SBH function is selected.
S An SG stage has been selected, where it has been previously defined that in
this SG stage no ESR should be performed in the event of communication
failure (for example: SG stage for personnel protection).
ESR executed autonomously in the drive when communications fail

Note
In the event of a communication failure between the NCK and Control Unit, only an
ESR executed autonomously in the drive is possible, which must be initiated from
the Control Unit itself. The precondition in this case is that pulse cancellation is
delayed.

Example
The following parameterization ensures that when the communication fails there is
200ms time for an ESR -- integrated in the drive -- before the pulses are cancelled.
The SG stages for personnel protection are defined differently in the individual
axes:
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL= 0.2

; Parameterization for the X axis (AX1):

; pulses are immediately cancelled in all SG stages, Stop D is initiated when an SG is
; exceeded
$MA_SAFE_VELO_STOP_MODE[AX1] = 3

; Parameterization for the Y axis (AX2):

; pulses are not immediately cancelled in all SG stages, Stop D is initiated when an SG is
; exceeded
$MA_SAFE_VELO_STOP_MODE[AX2] = 13

© Siemens AG 2015 All Rights Reserved

11-812 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Interaction with other functions
11.10
Behavior of Safety Integrated when the communication fails

; Parameterization for the Z axis (AX3):

; pulses are immediately canceled in all SG stages, Stop D is initiated when an SG is ex-
; ceeded in SG stages 1 and 2, Stop C in SG stages 3 and 4
$MA_SAFE_VELO_STOP_MODE[AX3] = 5 ; =>$MA_SAFE_VELO_STOP_REACTION
becomes active
$MA_SAFE_VELO_STOP_REACTION[0, AX3] = 3 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX3] = 3 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX3] = 2 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX3] = 2 ; SG level 4

; Parameterization for the A axis (AX4):

; pulses are not immediately canceled in all SG stages, Stop D is initiated when an SG is
; exceeded in SG stages 1 and 2, Stop C in SG stages 3 and 4
$MA_SAFE_VELO_STOP_MODE[AX4] = 5 ; =>$MA_SAFE_VELO_STOP_REACTION
becomes active
$MA_SAFE_VELO_STOP_REACTION[0, AX4] = 13 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX4] = 13 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX4] = 12 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX4] = 12 ; SG stage 4

; Parameterization for the B axis (AX5):

; the pulses are only immediately cancelled in SG stages 1 and 3, Stop D is initiated when
; an SG is exceeded in all stages
$MA_SAFE_VELO_STOP_MODE[AX5] = 5 ; =>$MA_SAFE_VELO_STOP_REACTION
becomes active
$MA_SAFE_VELO_STOP_REACTION[0, AX5] = 3 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX5] = 13 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX5] = 3 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX5] = 13 ; SG stage 4

; Parameterization for the C axis (AX6):

; immediate pulse cancellation only in SG stages 1 and 3, Stop D is initiated when an SG
; is exceeded in SG stages 1 and 2, Stop C in SG stage 3 and Stop E in SG stage 4
$MA_SAFE_VELO_STOP_MODE[AX6] = 5 ; =>$MA_SAFE_VELO_STOP_REACTION
becomes active
$MA_SAFE_VELO_STOP_REACTION[0, AX6] = 3 ; SG stage 1
$MA_SAFE_VELO_STOP_REACTION[1, AX6] = 13 ; SG stage 2
$MA_SAFE_VELO_STOP_REACTION[2, AX6] = 2 ; SG stage 3
$MA_SAFE_VELO_STOP_REACTION[3, AX6] = 14 ; SG stage 4

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition 11-813
Interaction with other functions 10/15
11.10Behavior of Safety Integrated when the communication fails

Space for your notes

© Siemens AG 2015 All Rights Reserved

11-814 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Appendix A
A.1 Customer Support
The Center of Competence Service (CoCS) -- Sinumerik Safety Integrated®offers
users a wide range of services.
Contact addresses
Hotline: Tel.: 0180--5050--222
Fax: 0180--5050--223
Email: ad.support@siemens.com
Inquiry with subject 840D Safety Integrated
Contact: Tel.: +49 (0) 9131 98 4386
Fax: +49 (0) 9131 98 1359

Table A-1 Range of services for machine manufacturers and end customers

Portfolio Description of services

Concept development The safety functions are adapted to the machine based on the hazard analy-
sis and the customer’s operating philosophy. This includes e.g.:
S Planned operating modes
S Safety functions when the protective doors are closed
S Safety functions when the protective doors are open
S Emergency Stop concept
S A study of the safety--related external signals and elements
Standard engineering Based on the concept developed, the standard functions
S Safe standstill (SH), safe operating stop (SBH)
S Safely reduced speed (SG)
are integrated into the circuit diagram of the machine. External safety ele-
ments (e.g. door interlocking, Emergency Stop button, ...) are either configu-
red conventionally or logically combined using the ”safe programmable lo-
gic” (SPL) function.
SPL configuration Based on the standard configuration, the following SPL objects are created:
S Function diagram
S Logic program for the PLC area
S Logic program for the NC area
S Data blocks required (e.g. DB 18)
These objects are incorporated/linked into the complete system
Commissioning The safety functions are commissioned based on the configuration that has
been created. The customer provides the machine so that the drives can be
traversed and the control cabinet is wired according to the configuration.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition A-815
Appendix 10/15
A.1 Customer Support

Table A-1 Range of services for machine manufacturers and end customers, continued

Portfolio Description of services

Acceptance report Based on the submitted configuration documentation and commissioning,

an acceptance report for the safety functions is drawn--up. This includes:
S Description of the machine (name, type, ...)
S Description of the safety and operator concept
S Description of the axis--specific safety functions
S All of the safety functions are tested including the SPL logic
S The test results are recorded
The customer receives the acceptance report as hard copy and on an elec-
tronic data medium.
Approval procedure Support with the handling and line of argument for the approval procedure
by certified bodies (e.g. the appropriate regulatory bodies/institutes for safety
and health) or large end customers.
Workshop Workshops are held on the subject of machine safety adapted to customer--
specific requirements; if required, these workshops can be held at the custo-
mer’s site. Possible contents:
S Machinery Directive, Standards in general
S C Standards (machine--specific)
S Hazard analysis, risk analysis
S Control categories
S SINUMERIK Safety Integrated® Function and system description
S Configuration, machine data
S Commissioning
S Acceptance report
Hotline An expert for ”SINUMERIK Safety Integrated®” can be reached at the Hot-
line number should critical errors or problems occur during installation and
commissioning.
On--site service (local) Experts analyze problems that are encountered on site. The causes are
eliminated or counter--measures are drawn--up and implemented where
necessary.

© Siemens AG 2015 All Rights Reserved

A-816 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Appendix
A.2 References

A.2 References

/ASI/
Low--Voltage Switchgear and Systems, Catalog
Drive, Switchgear and Installation Technology from Siemens
Order No.: E20002--K1002--A101--A6

/6/
Reinert, D./Schäfer, M./Umbreit, M.: Antriebe und CNC--Steuerungen mit integrier-
ter Sicherheit (Antriebe und CNC--Steuerungen), in: ETZ--Heft 11/98.

Documentation
An overview of publications that is updated monthly is provided in a number of lan-
guages in the Internet at:
http://www.siemens.com/motioncontrol
Follow menu items ----> ”Support” ----> ”Technical Documentation” ----> ”Overview of
Documents” or ”DOConWEB”.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition A-817
Appendix 10/15
A.3 Abbreviations

A.3 Abbreviations

1f1 1 from 1 evaluation: Encoder signal is available through one

channel, is read once
2f2 2 from 2 evaluation: Encoder signal is available through one
channel, is read twice and compared
A... Alarm
ACX Access description Compressed and eXtensible, binary format
to define and describe data
ASIC Application Specific Integrated Circuit (semiconductor module
developed for special applications)
ASUB Asynchronous subprogram
β susceptibility to common cause failure
BAG Mode group
BAG--STOP Stop in corresponding mode group
BG Professional Association (in Germany)
BiCo Binector--connector (technology)
BO Binector output Binector Output
CCF Common cause failure
CDC Crosswise data comparison
CFG Configuration telegram
Channel_1 Channel reset in the 1st NCU channel
reset
CO Connector output Connector Output
CPU Central processing unit
CRC Cyclic redundancy check
CU Control Unit (drive device control unit)
DAC Digital/analog converter
DB Data block
DC Diagnostic coverage
DDS Drive data set (drive parameters that can be switched over to-
gether)
DI Digital input
DKE--AK German Electrotechnical Working Committee
DL Data left
DMS Direct measuring system
DO Digital output
DP Distributed I/O

© Siemens AG 2015 All Rights Reserved

A-818 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Appendix
A.3 Abbreviations

DPM DP master
DPR Dual port RAM
DR Data right
DRIVE--CLiQ ”DRIVE Component Link with IQ” (official name for DSA--Link
or SA--Link: serial bus to connect A&D drive components)
DW Data word
EMF Electromagnetic force
EN European Standard
ENDAT Encoder Data (interface for absolute encoder)
EP Enable pulses
EQN/ERN Part of an order code for absolute/incremental encoders manu-
factured by Heidenhain
ESD Electro static discharge
ESR Extended stop and retract
F... Fault
F--... Failsafe--...
F--DI Fail--safe input module
F--DO Fail--safe output module
F_RCVDP Fail--safe plant communication (SIMATIC)
F_RECVDP Fail--safe plant communication, receiver (SINUMERIK)
F_SENDDP Fail--safe plant communication, sender (SINUMERIK, SIMA-
TIC)
FD Feed drive
FOC Travel with limited torque/force (force control)
FSR F_SENDDP/F_RECVDP
FV Failsafe values
FXS Travel to fixed stop
GSD Device master data
GSTR Number of encoder pulses
HHU Handheld unit
HMS High--resolution measuring system
HW Hardware
IB Input byte
IBN Commissioning
IE Industrial Ethernet
IEC International Electrotechnical Commission
IFA Institute for work safety

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition A-819
Appendix 10/15
A.3 Abbreviations

IMP Pulse inhibit

IMS Indirect measuring system
INSE Input data of the safe programmable logic (SPL) from the I/O
INSI Input data of the safe programmable logic (SPL) from the
output data of the axis--specific monitoring functions
IPO Interpolator
IS Interface signal
I/O Input/output
I/R Infeed/regenerative feedback unit
λ Failure rate
LEC Leadscrew error compensation
LIFTFAST Fast retraction from the contour
LL Lower limit
LSB Least significant bit
MAKSIP Machine coordinate system actual position
MCP Machine control panel
MD Machine data or marker double word
MDD Machine data dialog
Mixed IO I/O module with analog and digital signals
MLFB Machine--readable product designation
MM Motor Module (power unit/power module)
MMC Man machine communication (user interface for communica-
tion between man and machine)
Mod. Module
MRL Machinery directive
MSB Most significant bit
MSD Main spindle drive
MT Machine tool
MTTFd Mean time to dangerous failure
N... No message or internal message
NC Normally closed contact
NC Numerical control
NCK NC kernel
NE Line infeed
Node Id Node identification code (unique code of each DRIVE--CLiQ
participant)
OA Operator acknowledge

© Siemens AG 2015 All Rights Reserved

A-820 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Appendix
A.3 Abbreviations

OB Organization block
OB Output byte
OFF3 The drive is braked along the OFF3 ramp (p1135)
OP Operator panel
OPI Operator panel interface
p... Adjustable parameter
PFHD Probability of dangerous failure per hour
PII Process image inputs
PIO Process image outputs
PL Performance Level
PLC Programmable Logic Controller
PM E--F Power Module electronic fail--safe
PNO PROFIBUS user organization
PROFIBUS Bus system for communication between automation
components
PROFIsafe Communication profile based on PROFIBUS for safety--related
communications
PS Power supply
PST PROFIsafe clock cycle
QVK Slave--to--slave communication (peer--to--peer communication)
rpm Revolutions per minute
SA link Sensor--actuator link
SBC Safe brake control
SBH Safe operating stop
SBM Safe brake management
SBR Safe acceleration monitoring
SBT Safe brake test
SCA Safe cam
SCC Safety Control Channel
SG Safely limited speed
SGA Safety--related output
SGE Safety--related input
SH Safe standstill
SI SINUMERIK Safety Integrated® (integrated safety technology)
SIC Safety Info Channel

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition A-821
Appendix 10/15
A.3 Abbreviations

SIL Safety Integrity Level

SILCL SIL claim limit
SK Softkey
SLP Safely Limited Position
SLS Safely Limited Speed
SMC Sensor Module Cabinet Mounted: external adapter box to con-
nect an encoder to DRIVE--CLiQ
SME Sensor Module Externally Mounted: Sensor Module with a high
degree of protection for mounting outside the electrical/control
cabinet
SMI Sensor Module Integrated: external adapter box to connect an
encoder to DRIVE--CLiQ, integrated in the motor
SMM Safe Motion Monitoring
SMx Common term for SMI, SMC and SME
SN Safe software cam, safe cam track
SOS Safe Operating Stop
SPL Safe Programmable Logic
SS1 Safe Stop 1 (safe stop 1, corresponds to stop Category 1
according to EN 60204)
SS2 Safe Stop 2
SSM Safe Speed Monitor
STO Safe Torque Off
STOP A, B, C, Stop response: in the event of a fault, the system responds
D, E, F corresponding to the configured stop response (see Chapter
6.3)
SW Software
T1 lifetime
T2 diagnostic test interval
TCP Tool center point
TEA Testing data active (machine data identifier)
Ü Gear ratio
UI User interface
UL Upper limit

© Siemens AG 2015 All Rights Reserved

A-822 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Appendix
A.4 Terms

A.4 Terms
Actuator
Converter that converts electrical signals into mechanical or other non--electrical
quantities.
Category
Used in ISO 13849--1 to ”Classify safety--related parts of control with reference to
their immunity to faults and their behavior when a fault condition exists as a result
of the structural arrangement of the parts/components and/or their reliability”.
Channel
Element or group of elements that execute function(s) independently of one an-
other.
2--channel structure
This is a structure that is used to achieve fault tolerance.
For instance, a 2--channel protective door control can only be implemented if at
least two enable circuits are available and the main circuit is redundantly shut
down or a sensor (e.g. Emergency Stop switch) with two contacts is interrogated
and these are separately routed to the evaluation unit.
Fail--safe
The ability of a control system, also when faults occur (failure), to maintain a safe
condition of the controlled equipment (e.g. machine, process), or to bring the
equipment into a safe condition.
Failure/fault
Failure
A piece of equipment or device can no longer execute the demanded function.
Error
Undesirable condition of a piece of equipment or a device, characterized by the
fact that it is unable to execute the demanded function.
Note: ”Failure” is an event and ”fault” is a condition.
Fault tolerance
Fault tolerance N means that a piece of equipment can still execute the required
task even if N faults are present. For N+1 faults, the equipment can no longer ex-
ecute the required function.
Performance Level (PL)
This is a measure defined in ISO 13849--1 for the safety--related performance of a
control system.
Redundancy
Availability of more than the necessary equipment to execute the required tasks.

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition A-823
Appendix 10/15
A.4 Terms

Risk
Combination of the probability of damage occurring and the extent of the damage.
Safety
Free from any unacceptable risk.
Functional safety
The part of the safety of a piece of equipment (e.g. machine, plant) that depends
on the correct function.
Safety function
Function of a machine, whereby failure of a function (malfunction) can directly in-
crease the risk.
Safety functions of control systems
A function ”initiated by an input signal and processed by the safety--related parts of
controls, that allows the machine (as system) to reach a safe condition”.
Safety goal
To keep the potential hazards for personnel and the environment as low as possi-
ble without restricting more than absolutely necessary, industrial production, the
use of machines or the manufacture of chemical products.
Safety Integrity Level (SIL)
Measure, defined in EN 61508, for the safety--related performance of an electrical
or electronic control device.
Stop Category
Term used in EN 60204--1 to designate three different stopping functions.
Stopping
Function that is intended to avoid or reduce impending or existing hazards for per-
sonnel, damage to the machine or the execution of work. This has priority over all
operating modes.

© Siemens AG 2015 All Rights Reserved

A-824 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
Index
Characters Connection name SDP, 7-250
Connection number (RDP), 7-264
$A_STOPESI, 6-138
Connection number (SDP), 7-253
$MN_INFO_PROFISAFE_CYCLE_TIME,
Correction factor, safely reduced speed, 8-501
7-217
CPU--CPU communication, 7-239
$VA_STOPSI, 6-138
Crosswise data comparison, 4-52, 5-87, 7-288

Numbers D
3--terminal concept, 7-197
DAC output, 9-573
Data, Change, 9-570
Deactivating SBH/SG monitoring, 6-131
A Defining the cam positions, 6-177
Absolute encoder, 5-90 Delete password, 9-567
Acceptance test, 9-567 Different channel run times, 7-195
Actual value synchronization, 5-103 Diverse structure, 2-36, 2-38
Actuator, A-823 Downloading standard motor data, 8-436
Adjusting the motor encoder, 5-95 DRIVE--CLiQ encoder, 5-93
Alarms, for 840D, 10-633
Assigning priorities to alarms, 10-798
Axis not referenced, 5-96 E
Axis referenced, 5-97
Electrical safety, 1-25
Axis safely referenced, 5-97
EMC directive, 1-16
Axis signals, SCC/SIC, 8-528
EN 61508, 1-23
Enable option, for 840D, 9-563
Enable screen form (RDP), 7-264
B Enable screen form (SDP), 7-253
Basic standards, 1-18 Enabling, functions, 8-386
Brake test, 7-324 Enabling functions, 5-105
Braking behavior for STOP B/C, 6-135 Encoder limit frequency, 6-152
Encoder limit frequency, parameterizable,
6-152
C Encoder type combinations, 5-90
Encoder types, 5-90
Cam signals, 6-175
2--encoder system, 5-92
Category, A-823
EnDat 2.2 converter, 5-95
Changing SI data, 9-570
Error response (RDP), 7-265
Changing--over the speed limit values, 6-154
Error response (SDP), 7-254
Channel, A-823
ESR, 6-138
Checksum, 10-614
Protection, 8-497
Clock cycle overruns, 7-217
CNC systems, 2-33 F
Commissioning 840D sl F master, 7-219
Initial commissioning, 9-562 F net data filter, 7-220, 7-224
Series commissioning, 9-568 F net data filter (RDP), 7-262
Communication, NCK and PLC--SPL, 7-323 F net data filter (SDP), 7-252
Comparison clock cycle, for 840D, 8-357 F_DP communication, 7-239
Confirm_SI_HW.log, 9-588 F_RECVDP, 7-256
Connection name (RDP), 7-261 F_SENDDP, 7-245

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition I-825
Index 10/15

Fail--safe, A-823 Motor encoder, 5-90

Failure/fault, A-823 Multiple assignment, 7-203
Fault tolerance, A-823 Multiple distribution, 7-202
Forced checking procedure, 4-56, 7-195
Forced checking procedure, safety relay, 7-313
Frequency limit, 6-152 N
Name, symbolic, 7-218
NCK--SPL programming, 7-293
G NCK--SPL--SGE/SGA, 7-193
Gantry axis, 11-805 NCK/PLC data exchange, 7-283
Global checksums, 10-614 NCU link, 11-808
Group standards, 1-18

O
H OEM applications, 11-807
HLA module, 4-53

P
I Parking an axis, 11-805
I/O start address (RDP), 7-261 Parking an axis with absolute reference,
I/O start address (SDP), 7-250 11-805
Identifier of the F_DP communication Password for Safety Integrated, 4-55
relationship (RDP), 7-261 PDS, 3-45
Incremental encoder, 5-90 Plant/system coupling, 7-239
Incremental encoder functionality, 11-806 PLC drives, 4-84
Initialization, Safety relay, 7-310 Power Drive Systems, 3-45
Interface signals Product standards, 1-18
from the drive, 8-505 PROFIsafe clock cycle overruns, 7-217
to the drive, 8-500 PROFIsafe I/O interface, 7-234
PROG_EVENT, 7-297
PROG_EVENT mechanism, 7-297
L Protective mechanisms, 7-293
Language scope, SAFE.SPF, 7-301
Limiting the speed setpoint, 11-801
Logbook, 9-567 Q
Logical basis addresses, 7-242 Quality, 10-607

M R
Machine data for 840D Redundancy, A-823
Description, 8-354 Reference point reached, 5-96, 5-97
Overview, 8-348 Replacing a motor, 9-588
Machine measurement, 5-96 Replacing an encoder, 9-589
Measuring system changeover, 11-805 Risk, A-824
Modulo display, 6-179 Risk analysis, 1-25
Modulo value safe cams, 8-388 Risk assessment, 1-25
Monitoring channel, 7-189 Rotary axis, 8-386
Monitoring cycle, 5-85 Cam actual value range, 6-179
for 840D, 8-356 Endlessly turning, 6-179
Monitoring time (RDP), 7-263 Modulo display, 6-179
Monitoring time (SDP), 7-252 Safe software cams, 6-179

© Siemens AG 2015 All Rights Reserved

I-826 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
10/15 Index

S SBH, 6-115
SBR, 6-147
Safe Brake Adapter, 4-68
SBT, 7-324
Safe brake management, 7-324
SCC, 7-344
Safe cam track, 6-176, 6-180
Axis signals, 8-528
Safe cams, 6-175
SE, 6-171
Safe end positions, 6-171
Selecting speed limit values, 6-153
Safe operating stop
Selector gearbox, 5-101
Deselection, 6-118
Series commissioning, 9-568
Features, 6-115
Service display, 7-191
Preconditions, 6-116
Servo trace, 9-573
Selection, 6-116
Set axis monitor, 9-566
Safe software cam
Set password, 9-563
Features, 6-175
SG, 6-151
Preconditions, 6-177
SG override, 6-159, 8-501
Special case, 6-177
SG specific STOPs, 6-158
Tolerance, 6-175
SGA, SBH active, 6-119
Hysteresis, 6-178
SGE/SGA
Safe software limit switch
Signal propagation times, 7-195
Configurable stop responses, 6-173
Minimum number, 7-193
Features, 6-171
SGE/SGA assignment, for 840D sl, 9-566
Limits, 6-171
SGEs, Standstill via STOP, 6-126
Preconditions, 6-172
SI I/O, 10-612
Safe speed
SI relay, 7-308
Configured stop responses, 6-156
SIC, 7-344
Features, 6-151
Axis signals, 8-528
Preconditions, 6-151
Sim--NCK systems, 11-808
Selection, 6-153
SIRELAY, 7-312
Safe speed monitoring, 6-164
Slip for 2--encoder system, 5-103
Safe standstill
Slot mode
Features, 6-110
Input modules, 7-235
Selecting/deselecting, 6-110
Output modules, 7-237
Safe Stop 1, 4-63
SN, 6-176
Safely limited speed, 6-151
Speed/standstill monitoring, 2-33
Changing--over the limit values, 6-154
SPL assignment (RDP), 7-262
Override for, 8-501
SPL assignment (SDP), 7-251
Safety, A-824
SPL connection, identifier (SDP), 7-250
Safety Control Channel, 7-344
SPL data on the PLC side, 7-321
Safety function, A-824
SPL I/O--communication, 7-233
Safety goal, A-824
SPL start without axial safety enable, 7-296
Safety Info Channel, 7-344
SPL system errors, 7-289
Safety Integrated
SPL--SGA, PROFIsafe, 7-225
Acknowledging faults, 4-81
SPL--SGE, PROFIsafe, 7-221
Function diagram overview, 4-84
SS1, 4-63
Parameter overview, 4-82
Standstill tolerance, 6-115
Password, 4-55
Standstill via SGEs, 6-126
Stop responses, 4-80
Start SPL, 7-299
Safety Integrity Level (SIL), A-824
StateFault, 7-233
Safety power on, 7-296
STO, 4-60
Safety relay, 7-308
STOP A, Description, 6-129
Safety relay, test, 7-313
STOP C, Description, 6-133
Save stop position, 5-98
Stop Category, A-824
Saved stop position, 5-98

© Siemens AG 2015 All Rights Reserved

SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition I-827
Index 10/15

STOP D, Description, 6-135 System variables $A_XFAULTSI,

STOP E, Description, 6-138 $VA_XFAULTSI, 8-537
STOP F, Description, 6-140
Stop response
SG specific, 6-158 T
STOP A, 4-80
Test stop, for external STOPs, 6-144
STOP F, 4-80
Testing the switch--off signal paths, 4-56
Stop responses
Tolerance for SN, 6-175
Assignment table, 6-125
Trace, 10-624
Priority, 6-125
Troubleshooting, for 840D sl, 10-597
Sequence, 6-126
Two--channel structure, 2-36, 2-38
Stop responses, configurable, 6-124
Two--encoder system, 5-92
Stopping, A-824
Stopping delay times, Cancel, 6-145
Sub--slot, 7-219, 7-223
Sub--slots, 7-259 U
Substitute values (RDP), 7-265 User agreement, 5-99, 9-567
Switch on, 5-108 User agreement: Interlocking, 5-101
Switch--off signal paths, Stop responses, 6-122 User configuration, 7-292
Symbolic name, 7-218
Synchronized action, 7-291
Synchronizing cam signals, Enable, 6-178 V
System error, F_DP communication, 7-281
Velocities and speeds, 6-152
System variable, 7-316
Velocity setpoint, 11-801
System variable $VA_IS, 8-536

© Siemens AG 2015 All Rights Reserved

I-828 SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) -- 10.2015 Edition
To Suggestions

SIEMENS AG Corrections
A&D MC MS1 for document:
P.O. Box 3180
SINUMERIK 840D sl/
D--91050 Erlangen SINAMICS S120
SINUMERIK Safety Integrated
Fax: +49 (0) 9131 / 98 -- 63315 [Documentation] (FBSI sl)
mailto:docu.motioncontrol@siemens.com
http://www.siemens.com/automation/service&support
Order number 6FC5 397--4BP40--5BA3
Sender

Name Edition: 10/2015

Address of your Company/Dept. Should you come across any

printing errors when reading this
Street publication,
please notify us on this sheet.
Postal code: Location: Suggestions for improvement are
Phone: / also welcome.
Fax: /

Suggestions and/or corrections