3 Safety-Related Functions  11.03 
3.13  Behavior of Safety Integrated when the drive bus fails (from SW 6.4.15) 
 
  © Siemens AG 2003 All Rights Reserved 
3-198  SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 
3.13  Behavior of Safety Integrated when the drive bus fails 
(from SW 6.4.15) 
When the drive bus fails, then communications between the drive and NCK 
required for SI also fail. The pulses are immediately cancelled from both 
channels. This pulse cancellation must be delayed for a short time so that in 
this particular fault situation, a drive-autonomous response (ESR) can be 
carried-out at the machine. 
References:  Programming Guide Workshop Planning (PGA) 
This is the reason that after a bus failure has been detected, there must be a 
delay before canceling the pulses both in the NCK monitoring channel and in 
the drive monitoring channel. The selected axial SI functionality (SG,SE, SBH) 
at the instant that the drive bus failed, is still available through one channel in 
the drive monitoring channel. The NCK monitoring channel can no longer be 
monitored as there is no actual value. 
The PLC SPL remains functional in the scope in which the drive monitoring 
channel is not required. From the PLC-SPL it is not possible to select another 
monitoring functionality or immediately cancel the pulses via an external 
Stop A. 
The NCK-SPL also remains functional if it does not receive its input quantities 
($A_INSE) from the DMP modules connected to the drive bus – but instead via 
PROFIsafe I/O or the local inputs on the NCU. If another axial monitoring 
function (e.g. SE stage changeover) is selected, this remains ineffective as the 
axial NCK monitoring functions are de-activated. However, when an external 
STOP A is selected, this results in the pulses being immediately cancelled via 
terminal 663 – just the same as for an SBH selection. An SG changeover can 
also result in immediate pulse cancellation. 
If the NCK-SGA "enable pulses" is not output via the local outputs on the NCU, 
but via the DMP modules on the drive bus, then it is not possible to delay the 
pulse cancellation via terminal 663. The DMP modules delete their outputs 
when a drive bus failure is detected. 
If the internal pulse cancellation (also refer to Section 3.1.2 "Shutdown paths") 
is used, then the SGA "externally enable pulses" must be connected to terminal 
663. It is no longer possible to internally cancel the pulses via the drive bus. In 
this case, the SGA "externally enable pulses" must be output via the local 
outputs on the NCU. 
 
The delay time up to pulse cancellation via terminal 663 must be parameterized 
for a value greater than 0 in the NCK machine data 10089 
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL and in the appropriate drive 
machine data 1380 MD_SB_PULSE_DISABLE_TIME.  For a standard value of 
0, the function is de-activated; when the drive bus fails, the pulse enable signal 
for terminal 663 is immediately withdrawn. 
 
 
3.13.1  Behavior of the axial NCK monitoring channel 
If a delayed pulse cancellation is parameterized using MD 
$MN_SAFE_PULSE_DIS_TIME_BUSFAIL, after a bus failure, the SGA leave 
all of the axial SI monitoring channels in their old condition. After this delay time 
has expired, all SGA are, as before, deleted. The axial monitoring functions are 
immediately no longer processed after the bus fails as the basis for the 
monitoring function – the safe actual value – is no longer available. 
Activation