Safety at Work has been a part of AS-Interface for over 10 years now. It is a very reliable means of networking industrial safety products. Very demanding applications need extra configuration in the software to prevent nuisance shutdowns. These shutdowns can be caused by high vibration on the machine opening up mechanical contacts or high noise sources disrupting network communications. Here are some software settings to reduce or eliminate these nuisance shutdowns.
Warning: Make sure that all additional times, seen in these examples, are added to your safe shutdown calculations.
Vibration causing single channel opening
Filtering is often used on safety magnetic door switches. The two independent contacts can open up independently depending on the magnetic target alignment or contact bounce caused by a slammed safety gate. You can also use filtering on emergency stops that may receive a lot of vibration.
Emergency stops typically have two independent springs that hold the mechanical contacts together. Pressing the e-stop pushes the contacts apart, but high vibration may cause one of these springs to bounce open. You can prevent the system from shutting down by adding an extra “tolerance time.” If a single contact opens and closes again before this time is exceeded, then the system will not shut down.
Figure 1: Filtering with an additional tolerance time
Vibration causing two channels to open
In certain situations, when the vibration conditions are very severe, both contacts may open. In this case, the standard “tolerance time” will not help. Here, a “switch-off delay” time can be added after your emergency stop. Make sure that this delay time is longer than the “contact stabilizing time” set in the emergency stop’s configuration. In Figure 1, the contact stabilizing time is 0.5 s, so our time must be larger than this.
Figure 3: Switch-off delay time of 750 ms
Noise causing retries on the AS-Interface network
A normal AS-Interface network can handle network noise. Up to five consecutive retries per AS-Interface node on the network are possible before any node is shut down and put through the standard discovery phase again. Safety systems are more demanding. A much lower threshold of only one retry is allowed before a safety system will shut down. To combat this lower threshold, a new configuration option called “augmented reliability” is available. The idea is very simple. A loss of network communication for the specified time period is allowed and will not cause a shutdown.
Figure 4: An augmented reliability time used to permit a short loss of communication
Reaction time calculations
The worst-case reaction times must be considered. The safety monitor, VAS-2A8L-KE4-8SE, itself has a maximum response delay time of 50 ms. Only extend the time in the application to as long as necessary to avoid nuisance shutdowns. Use the new time calculations to make sure the system reacts as fast as required.
Tolerance interrupt time + augmented reliability + off-delay time + safety monitor response delay = 400 ms + 200 ms + 750 ms + 50 ms = 1400 ms.
Make sure to also include any additional reaction times caused by the safety devices themselves. Also include reaction times due to safe coupling of networks, safe output modules, and safe relay expansion modules. The safety monitor delay time is assumed to be 50 ms, but make sure to check the actual delay time of your safety controller.