Diagnostics: FSoE Communication/Device State

This topic contains the following sections:

In a safety-related application, the safety-related communication and the operational state of safety-related devices should be monitored. This enables the Safety PLC to determine the state of the functional safety system.

For that purpose, system variables are provided which report

the status of the safety-related communication between the FSoE master (Safety PLC) and the FSoE slaves.
the operational state and condition of the configured FSoE devices.

In PLCnext Engineer, such diagnostic system variables should be evaluated in the application program, e.g., by programming an edge detection which reacts on the toggling of the Boolean values.

To inform the standard application about the condition of the functional safety application, the system variables can be assigned to exchange variables of the standard controller. Refer to the topic "Exchanging Data between Controller and Safety PLC" for details.

In case of a safety-related device/communication error, the machine must enter the defined safe state.

WARNING

Unintended machine operation

Make sure that your risk analysis includes a possible temporary or permanent malfunction of a safety-related device/module or of the communication between the Safety PLC (i.e., FSoE master) and the FSoE slaves.

Use the relevant diagnostic system variables provided by the Safety PLC to monitor the status of the FSoE communication between FSoE master and FSoE slaves involved in your safety application.

Verify that the machine enters the defined safe state (in accordance with the risk analysis) depending on the result of the system variables evaluation.

Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Validate the overall safety function and test the application.

Two categories of diagnostic FSoE system variables are distinguished:

FSoE - device diagnostic variables: available for each configured FSoE slave. Such device-related system variables contain the slave address (nnnn) of the affected device in the variable name: FSOE_MSTR_ADDR_[nnnn]_*.
FSoE - summarizing diagnostic variables: Global system variables for FSoE slaves which summarize all configured FSoE slaves. A global system variable is set to TRUE, if the respective condition applies to at least one configured FSoE slave.
The error remains until all slaves reset their error state. Via the global variable, all slave errors can be acknowledged at once.

The creation of these system variables can be enabled/disabled in PLCnext Engineer as described in the "FSoE parameterization chapter". This way, the number of available system variables in the Safety PLC Data List can be limited according to your requirements.

Monitoring the FSoE Communication

With regard to the monitoring of the FSoE communication, two different error types are distinguished and different diagnostic system variables are relevant:

Error type Relevant diagnostic system variable

Checksum error Checksum-related error detected by an FSoE device: system variables *CE_CRC.
The system variable is available

device-related (FSOE_MSTR_ADDR_[nnnn]_CE_CRC) and

globally (CE_CRC_FSOE_MSTR_GLOBAL).

Watchdog exceeded Watchdog error detected by an FSoE device: system variables *_WD_TIMEOUT.
The system variable is available

device-related (FSOE_MSTR_ADDR_[nnnn]_WD_TIMEOUT)

and globally (WD_TIMEOUT_FSOE_MSTR_GLOBAL).

How to set the FSoE slave watchdog time in PLCnext Engineer

In the PLANT, expand the bus controller node (e.g., 'EtherCAT') and the node of the safety-related FSoE device to be parameterized.

Double-click the FSoE slave node and open the 'Safety Parameters' editor.

In the 'FSoE Parameter Set' category set the 'Watchdog Time' parameter to configure the watchdog time.

Error type	Relevant diagnostic system variable
Checksum error	Checksum-related error detected by an FSoE device: system variables *CE_CRC. The system variable is available device-related (FSOE_MSTR_ADDR_[nnnn]_CE_CRC) and globally (CE_CRC_FSOE_MSTR_GLOBAL).
Watchdog exceeded	Watchdog error detected by an FSoE device: system variables *_WD_TIMEOUT. The system variable is available device-related (FSOE_MSTR_ADDR_[nnnn]_WD_TIMEOUT) and globally (WD_TIMEOUT_FSOE_MSTR_GLOBAL). How to set the FSoE slave watchdog time in PLCnext Engineer In the PLANT, expand the bus controller node (e.g., 'EtherCAT') and the node of the safety-related FSoE device to be parameterized. Double-click the FSoE slave node and open the 'Safety Parameters' editor. In the 'FSoE Parameter Set' category set the 'Watchdog Time' parameter to configure the watchdog time.

Further Info
For a detailed description of all available FSoE system variables, refer to the respective controller or FSoE device user manual.

Monitoring the FSoE Device Status

With regard to the monitoring of the operational state of FSoE devices, the following status types are distinguished and different diagnostic system variables are relevant:

Status type Relevant diagnostic system variable

Device passivated FSoE device has been passivated.
The system variable is available

device-related (FSOE_MSTR_ADDR_[nnnn]_PASS_OUT)

and globally (PASS_OUT_FSOE_MSTR_GLOBAL).

Possible reasons for the device passivation:

Passivation was requested out of the application by setting the device management system variable FSOE_MSTR_ADDR_[nnnn]_PASS_ON to TRUE.

A communication, device, or parameterization error exists (see FSOE_MSTR_ADDR_ [nnnn]_ACK_REQ system variable).

Device waits for operator acknowledge FSoE device requires an operator acknowledge request after removing a communication, or CRC, watchdog or FSoE device error.
The system variable is available

device-related (FSOE_MSTR_ADDR_[nnnn]_ACK_REQ)

and globally (ACK_REQ_FSOE_MSTR_GLOBAL).

Acknowledgment can be done after removing the error cause by setting the device-related management system variable FSOE_MSTR_ADDR_[nnnn]_ACK_REI or the global management variable ACK_REI_FSOE_MSTR_GLOBAL to TRUE.
Observe the hazard message below this table.

Status type	Relevant diagnostic system variable
Device passivated	FSoE device has been passivated. The system variable is available device-related (FSOE_MSTR_ADDR_[nnnn]_PASS_OUT) and globally (PASS_OUT_FSOE_MSTR_GLOBAL). Possible reasons for the device passivation: Passivation was requested out of the application by setting the device management system variable FSOE_MSTR_ADDR_[nnnn]_PASS_ON to TRUE. A communication, device, or parameterization error exists (see FSOE_MSTR_ADDR_ [nnnn]_ACK_REQ system variable).
Device waits for operator acknowledge	FSoE device requires an operator acknowledge request after removing a communication, or CRC, watchdog or FSoE device error. The system variable is available device-related (FSOE_MSTR_ADDR_[nnnn]_ACK_REQ) and globally (ACK_REQ_FSOE_MSTR_GLOBAL). Acknowledgment can be done after removing the error cause by setting the device-related management system variable FSOE_MSTR_ADDR_[nnnn]_ACK_REI or the global management variable ACK_REI_FSOE_MSTR_GLOBAL to TRUE. Observe the hazard message below this table.

WARNING

Unintended start-up

Make sure that executing an operator acknowledgment cannot result in any hazardous situations.

Make sure that appropriate procedures and measures (according to applicable sector standards) have been taken before executing an operator acknowledgment.

Do not enter the zone of operation and ensure that no other persons can access the zone of operation when executing an operator acknowledgment.

Use appropriate safety interlocks where personnel and/or equipment hazards exist.

Further Info
For a detailed description of all available FSoE system variables, refer to the respective controller or FSoE device user manual.