Description of the RFC 4072S
108580_en_02 PHOENIX CONTACT 25 / 272
2.2 Safety-related mode of operation of the RFC 4072S
Behavior of the safety-
related PROFINET
controller in PROFIsafe
(F-Host) / safety-related
controller
The RFC 4072S contains a powerful two-channel safety-related controller for PROFIsafe
(safety-related PROFINET controller, abbreviated: iSPNS 3000). The iSPNS 3000 is per-
manently integrated in the RFC. The PROFIsafe security protocol is transmitted via the
PROFINET network. The safety function is programmed in the PLCnext Engineer software.
The iSPNS 3000 monitors and controls the safety function in a PROFIsafe system. Its func-
tion is to decide whether or not a safe output may be set, for example.
In this document, the iSPNS 3000 is also referred to as a safety-related controller.
Demand of a programmed
safety function
Following the demand of a programmed safety function (e.g., safety door open), the safety-
related controller executes the programmed safety function. The relevant safe outputs of the
F-Devices are set to the programmed value of the safety function.
Behavior in the event of an
error/safe state (failure
state)
The integrated diagnostic function detects errors that have occurred. Any serious errors
detected in the RFC with safety-related controller, which may lead to the loss of the pro-
grammed safety function or adversely affect the programmed safety function, will set the
device to the safe state (failure state). In this state, the safe outputs of the safe F-Devices
are set to zero (FALSE).
The safe state is displayed on the “Safety PLC” tile of the display:
– The FS (Failure State) diagnostic display (LED) is shown in red.
– The “Safety PLC” tile itself is highlighted red.
In the event of an error, if you are connected online to the PLCnext Engineer, information
about the error is also displayed in the software.
For descriptions of error states, associated effects, and appropriate measures for error
removal, please refer to Section “Errors, diagnostic messages and troubleshooting” on
page 143.
Passivation and
reintegration
If the communication relationship between the safety-related controller and the F-Device is
aborted, for example due to a communication error, the device is passivated. Passivation
prevents the device from starting up immediately as soon as the communication relationship
is reactivated. Passivation and reintegration are displayed via Boolean variables, which the
PLCnext Engineer automatically generates for each F-Device. F-Devices can also be pas-
sivated or reintegrated from the application program via these variables.
If an operator acknowledge request of the passivated F-Device is present, PROFIsafe-spe-
cific acknowledgment can be performed with a subsequent operator acknowledge reinte-
gration. A non-safety-related signal can be used, for example. This overrides the passiva-
tion. As a result, the F-Device is reintegrated.
For more information about passivation and reintegration, please refer to Section 4,
“Startup and validation” and Sections “Management/diagnostic variables for F-Devices”
on page 121, “Management/diagnostic variables for each configured F-Device” on
page 183 and “Global management/diagnostic variables for F-Devices” on page 187.
To Next Page
Loading...
Need help?
General
