Dual Channel Estop Design

Tim Ganz

Looking at some new equipment we are installing, the OEM has 6 estop button stations along the length of the machine.

Each station has 3 N.C. contact blocks, of which one set is channel 1 to the safety relay, the second set is channel 2 to the safety relay, and the 3rd set is to the PLC input card to display on the HMI which button was hit.

In the past I have seen the same setup but having channel 1 and 2 as N.C. and the 3rd contact block back to the PLC as a N.O. contact.

In the PLC you can change your logic to Examine on or Examine off and make it work either way, but is one of these methods better than the other, and if so why?

I am just trying to understand the pros and cons of both methods.
 
Tim,
Think about your statement.
Sets 1 and 2 are for a dual channel e-stop circuit.
The 3rd set of wiring is going through a N.C. contact going into PLC input(s). When the wiring is hot (no e-stop condition), the input(s) will show a 1 in the input table.

When you hit the e-stop, one or more of the inputs will turn off in the input table. The location can be reset rather quickly.

If you used N.O. contacts, when you hit the e-stop, the input will turn on. But what if one of the wires isn't connected correctly due to maintenance error? What if a wire is broken?

Yes, the e-stop safety relay will trip, but how would you find the e-stop location? Especially if the production line is 500 ft long.

regards,
james
 
If you are daisy chaining the stations, everything has to be NC to detect a single button push. If the third contact was NO, you'd have to push every E-Stop in the chain to close that circuit.

However, many times, the PLC gets a separate input for each EStop instead of just the signal from the SR that it pulled in. This is to display which button was pushed on the HMI and/or in the alarm list, in which case, I would still lean toward having an NC input. While not a "safe" input, the code may still be looking at this to prevent certain commands and an NC input at least requires wiring of some kind to come on. Any sensor that is related to safety or that is crucial to prevent a crash I do as NC.

In the Safe PLC world, where each EStop is wired individually into safe inputs rather than daisy chaining anything, you want a dual contact that is Anti-Equivalent (one NC and one NO) for maximum safety. Using double NC or double NO EStops on individual safety inputs is not a matter of preference, it is wrong and reduces your safety performance level.
 
The channel 1 and channel 2 between the stations is in series but the plc contact goes from each switch back to the input card. There is an input for each button not 1 input for all.

Almost every other design I have seen like this the safety relay channels are N.C. which they should be and the PLC indicator is N.O.
 
In your case, the PLC input is just an indicator and I thought it didn't really matter if it is NC or NO. I said in my previous post that I would lean toward wanting it to be NC, but I've never done a setup like that (daisy chaining the buttons for the SR and then individual wiring for PLC inputs); thinking about it more, I think having all NC contacts could cause safety issues if the wiring gets mixed up.

If, for instance, the PLC input 24V source got swapped with button 4's Estop A and a similar mistake put the 24V source for the PLC input on button 5's Estop B, then buttons 1, 2 and 3 would not kill the SR and, as long as all the EStops were pulled out, the PLC would not see a problem either. The only way to tell something was up is that pushing an estop would cause button 4 and 5 to register as pushed in the PLC.

Long story short, I think you're right that the PLC contact should be NO so it is less likely a wiring mistake could incapacitate EStop buttons.
 
Tim,

......Yes, the e-stop safety relay will trip, but how would you find the e-stop location? Especially if the production line is 500 ft long.

regards,
james

I think that when you put multiple circuits in switches like this, you don't much care how difficult it is to find the location.... If you don't think one set of contacts will make while the other does not, I can tell you from experience, it can and does.

I think the whole idea of multiple circuits in a safety circuit is just silly, and this safety relay stuff has gotten outta hand... far as that goes the whole safety schmear has gotten outta hand
 
I would have to disagree with you. I am quite fond of my limbs and I like the idea of dual redundant safety circuits when I am working on 400 ton presses like we have here.

If someone gets caught and you have to hit an estop or pull cord you want to know beyond the shadow of any doubt that it will work when needed.
 
I withdrew this post.

I don't agree, but I don't want an argument... I should have thought of that a couple posts ago.
I apologize
 
realolman,

I read your first reply, and your edited reply, before you withdrew it...

You're lucky! I was about to tear strips off you, and believe me, there is no E-Stop on my strip tearing machine! :mad:

Joking aside...If you'd asked the question nicely, why is it safer?, with an open mind, you'd never know, you might just have learned something?

I know where you're coming from with the multiple circuits gripe, and how they can misbehave, but that's more often down to the manufacturer of the devices that are giving the trouble, than the concept of dual redundancy and auxiliary monitoring.

Tim,

More often than not, the auxiliary contacts on safety devices are usually only for indication or interlocking in the program as good practice. N.O. or N.C. does not really matter if the contact is not relied upon for the safety function. As you pointed out, you design the logic to suit the input type.

Wiring faults can affect either type, as with any circuit design. A N.C. input to the PLC can have a short, just as easily as a N.O. can have a loose wire.

Yes, N.O. is more common than N.C. for auxiliaries, but that's derived more from the standard logic of ON = ACTIVE than anything else. Having triple N.C. contacts on an E-Stop push button should not create a permanent wiring fault. The supply for the auxiliary contact will come from the system power supply unit, or the PLC. The supply for the dual channel contacts will be sourced from the safety relay's specific supply terminals. On most safety relays these are special outputs to the channel circuits, which use diversity and pulse testing to detect crossfaults. The diagnostic measures, incorporated in the safety relay, will detect mis-wiring at the E-Stop's contacts. AB's MSR safety relays, for instance, use diversity - one channel is switching +V, the other -V.

N.C. auxiliary contacts are sometimes used in the safety relay's monitored manual reset. This way, not only must the E-Stop's dual contacts be reset closed, but the auxiliary contact as well, before a reset can be actuated. This is not mandatory in any way, just another good practice.

Regards,
George
 
A N.C. contact has the advantage of operating to generate the PLC input on any wire breakage whereas a wire breakage or open circuit will prevent the N.O. contact from generating a PLC input.
 
Yes, that's true Paul, but likewise...

A N.O. contact has the advantage of operating to generate the PLC input on any short circuit whereas a short circuit will prevent the N.C. contact from generating a PLC input.

As I said, there are pros and cons to either wiring method and which to choose will be a user preference.

Regards,
George
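
The wire-break versus short-circuit trade-off from the two posts above, worked through as an added example (not part of the thread, and not any poster's code). It assumes two simple fault models, an open wire and a short to 24 V, and a hypothetical `locate` cross-check of the safety relay status against the six per-station PLC inputs:

```python
FAULTS = ("open_wire", "short_to_24v")   # assumed fault models for this sketch

def raw_input(contact, pressed, fault=None):
    """24 V level at the PLC input for one auxiliary contact ('NC' or 'NO')."""
    if fault == "open_wire":
        return False                      # broken or loose wire: input can never go high
    if fault == "short_to_24v":
        return True                       # contact bypassed: input stuck high
    return (not pressed) if contact == "NC" else pressed

def shown_pressed(contact, raw):
    """PLC logic matched to the contact: examine-off for NC, examine-on for NO."""
    return (not raw) if contact == "NC" else raw

def classify(contact, pressed, fault=None):
    """Compare what the HMI would show with the real button state."""
    shown = shown_pressed(contact, raw_input(contact, pressed, fault))
    if shown == pressed:
        return "correct"
    return "false_indication" if shown else "missed_press"

def latent_faults(contact):
    """Faults that look healthy while the button is out and hide a real press."""
    return [f for f in FAULTS
            if classify(contact, False, f) == "correct"
            and classify(contact, True, f) == "missed_press"]

def locate(contact, sr_tripped, raws):
    """Cross-check the safety relay status against the per-station inputs."""
    stations = [i + 1 for i, r in enumerate(raws) if shown_pressed(contact, r)]
    if sr_tripped != bool(stations):
        return ("check_aux_wiring", stations)
    return ("ok", stations)

if __name__ == "__main__":
    for c in ("NC", "NO"):
        print(c, "latent:", latent_faults(c))
    # Constructed case: station 4 of 6 pressed, its NO aux wire broken.
    raws = [raw_input("NO", i == 3, "open_wire" if i == 3 else None) for i in range(6)]
    print(locate("NO", True, raws))
```

Each contact type has exactly one fault that shows up immediately and one that stays hidden until a button is pressed; the cross-check only flags the hidden one after the safety relay has already tripped.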
 
I see far more "fail open"s and broken wires than welded contacts and short circuits...especially with safety gear. Yes, it is only my experiences and my opinion, but I see N.C. contacts as a favorable choice for stop signals as a general rule of thumb.
 
Forget the NO/NC argument.

Wire each device to a programmable safety device and you won't need a third contact to detect which button is pressed. Into the bargain you'll get checking of shorts between channels etc. and 100% diagnostic coverage for EN13849 (which you'll never achieve with a daisy chain estop system). Not sure of the regs across the pond.

Another great disadvantage of the daisy chain is the likely circuit resistance. Most devices have a limit of 20 to 30 ohms, and if your circuit resistance approaches this value then you will end up with an unreliable system in which any fault will be hard for the average maintenance man to diagnose.

Nick
 
Good morning to you, too... so nice of you to let it go after I tried to.

If someone gets caught and you have to hit an estop or pull cord you want to know beyond the shadow of any doubt that it will work when needed.

That is supposed to be the point of the whole matter, and while claiming you would "tear strips off me" (which I doubt) you admitted "how they can misbehave".

This is an excellent site, and I do not want to disrespect it with an argument, and after posting what I realized was probably an inflammatory post, I withdrew it, and apologized...but I have no intention of allowing you to rub my nose in anything either, so perhaps you might want to tone it down a bit.... or not ... suit yourself
 
I did not know how the diversity worked. Very educational. Thanks George!!

I guess I will stick with the OEM design of N.C. all the way but I wanted to be sure as they have a lot of other things on this equipment that are very wrong so at this point I am questioning everything.
 