Switchover
Conditions that result in switchover
R301.1 Experion C300 Controller User's Guide 199
11/06 Honeywell
Conditions that result in switchover
The Secondary controller must be in either the Synchronized state or Standby state for a
switchover to occur. The following conditions result in a switchover:
• Switchover command (from Primary or Secondary Platform FB).
• Both FTE links to Primary controller are lost.
• Both IOL channels connected to Primary C300 I/O Link X are lost where:
− X is the I/O Link number (i.e. equally applies to either I/O Link).
− The IOLINK Type for this I/O Link has a value other than NONE
− There is at least one configured IOM communicating on the I/O Link.
ATTENTION
Controller redundancy protects against all single faults and some dual faults.
The Primary C300 Dual IOL Cable Disconnect switchover trigger is a dual
fault that cannot be detected until after some control has been back-initialized
with failsafe data. Although this dual fault affects control, switchover provides
automatic recovery that doesn't require the operator to diagnose how to deal
with a primary that has a complete loss of IOM view
• Loss of input power to Primary controller
• Primary controller failure
• Removing the powered Primary controller module from its IOTA
• Starting with an unsynchronized redundant controller pair with both controllers
experiencing a dual-FTE cable disconnect, FTE reconnect to the secondary
controller results in initial-sync followed by immediate switchover.
Conditions that do not result in a switchover
These conditions do not result in a switchover:
• Redundancy cable (private path) between Primary and Secondary controllers is lost.
• Single or both FTE links to Secondary controller are lost.
• Single or both IOL channels connected to Secondary C300 I/O LINK are lost.
• Loss of input power to Secondary controller
To Next Page
Loading...
Need help?
General
