|William Chitham||07/04/2021 12:13:01|
|95 forum posts|
After using my Boxford with the original 3 phase controls for a while I converted it to single phase with a Mitsubishi VFD and have been controlling it with a little remote parameter setting unit ever since. The remote unit duplicates the controls on the front of the VFD and has tiny buttons so not ideal but has helped crystalize ideas of how I want controls to work. Main thing is I want to go back to a 3 way forward/off/reverse switch for the normal running but I want to have a push button controlled jog function. I think this should work ok and have worked out a wiring scheme shown here. On the Mitsubishi the jog function trigger can be assigned to several different terminals, I'm using RL here. I have the Mitsubishi manual and I think I can set all the parameters I need to get this to work, the thing I can't figure out is how to arrange safety stops. This needs to do two things:
1. Provide an "panic button" emergency stop.
2. Hook up the various interlocks to prevent running with covers open.
I think it should be possible to use the Safety Stop (S1 7 S2) terminals to do this but the manual only seems to describe using this with a "safety relay module". I think that a simple continuity circuit across these terminals will do the job but it also needs a reset function to prevent it restarting when offending door is closed if the run switch is left on - this is because the logic of the unit will be set to work with an "always on" signal to the start terminal (STF or STR). I hope there is a parameter setting to do this but haven't found it yet.
Have any Mitsubishi users out there any ideas about how best to achieve this?
|Robert Atkinson 2||07/04/2021 12:59:26|
932 forum posts
You could use a 24V no-volt release start / E-Stop module. These a re cheap enough. Arrange the guard switch(es) to drop out the no volt coil and one contact to the VFD.
|Oily Rag||07/04/2021 13:10:17|
361 forum posts
Or a case for a pair of relays with inversion so that a 'flip flop' push switch ensures the primary relay stays de-energised until it is physically reset. The flip flop will work on the primary relay actuator circuit. This will mean the relay is held 'on' during normal usage - gives 'fail safe' for all other conditions. Might be more complicated than a NVR system though.
|William Chitham||07/04/2021 13:18:48|
|95 forum posts|
If you mean a 240v NVR on the mains input to the inverter then I'm reluctant to do that because as I understand it it is bad practice (ie likely to damage the VFD) to stop it by cutting power on the input side.
I expect some external arrangement of switches and relays could work but I'm hoping that a simple continuity loop through S1 and or S2 will do the job if I can find the correct parameters to prevent restart when continuity is restored.
|William Chitham||07/04/2021 14:50:39|
|95 forum posts|
Ok, just had an illuminating conversation with a chap at Inverter Drive Supermarket. By default the two safety channels, S1 & S2, are shorted to PC (24volts). Any interruption to that voltage on either of them will cause the VFD to trip and immediately cut output power (I think it can also be programmed to apply an emergency brake to whatever machine it is powering) once tripped it will need a reset before it will power up again. I haven't quite figured out the reset circuit yet but I'm going to experiment with the basic continuity loop idea. Obviously this could include any number of door switches, interlocks and big red buttons.
|Bob Jepp||07/04/2021 16:19:17|
|41 forum posts|
I had a quick look at the Mitsubishi manual for the FR E729S inverter. The wiring diagram shows details of the safety circuits which show dual inputs S1 and S2 for the safety stop. It is intended that each device in the safety system should be provided with two electrically independent contacts ( closed when safe and open when unsafe ). Each circuit ( PC to S1 and PC to S2 ) should contain one of the dual contacts in each circuit. The intention is that there is two identical safety circuits which normally operate together hence giving two chances of a safe stop - operating only one circuit ( such as in the case of a mechanical failure ) causes a lock-out until both circuits are opened.
PLEASE, PLEASE make sure that the principles are adhered to - they are there to keep us safe ( even if they are a little more difficult to understand and implement ).
|William Chitham||07/04/2021 17:30:01|
|95 forum posts|
So should I be duplicating the circuit and use double pole switches or is it more complicated than that?
|Robert Atkinson 2||07/04/2021 19:13:21|
932 forum posts
Meant a 24V NVR, powered from the PC terminal and contacts to the safety circuit.
Addressing Bobs comment, while using dual circuit stops is best practice, it depends on the machine. A Failure Modes & Effects Analysis (FMEA) would be carried out and severity of failures addressed. The level of protection will depend on the hazards and use. For a non CNC lathe or mill used by a skilled operator a dual circuit protection system would not normally be required. If you did a safety analysis on a chain saw as a new invention it would never be allowed!.
One particular failure mode of most E-Stops is that the switch module fits on the back of the button assembly and it's actuator has to be pressed to open the contacts and stop the machine. If the switch block is not fitted or falls off for some reason the E-stop wont work, dual circuit or not. The only mitigation for this is testing the E-Stop, but the switch block could drop off as you reset it. I've looked for a fail-safe E-Stop but never found one.
|William Chitham||08/04/2021 11:33:01|
|95 forum posts|
Beg your pardon, I hoped that was what you meant but my searches (24V e stop; 24v NVR; low voltage NVR) haven't turned one up yet. Could you point me in the right direction?
|Bob Jepp||08/04/2021 12:49:51|
|41 forum posts|
Inverters are a complexed, software controlled motor drives. As such, we must understand that the drive may fail either without any power to the motor or with full power to the motor ( or anywhere in between ). Since the inverter is under software control, either failure mode is possible and the standard Start, Stop, Forward an Reverse controls which also pass via the software may become inoperable. To prevent unsafe situations, safe shutdown inputs are sometimes provided, generally preventing the output stage of the inverter from driving the motor, preventing power transfer by disabling the output devices.
So, lets look at the safety issues surrounding inverters on machinery :
According to the diagram posted by William, he is expecting to find door switches and an external Emergency Stop fitted to his machine.
The reason for the provision of two parallel safety circuits ( PC to S1 and PC to S2 ) is to reduce the affects of potential failures in the safety circuits - i.e. there are two chances of detecting a failure rather than one therefore the door switches and Emergency Stop should form part of these twin parallel circuits.
OK, so lets look at the requirement for safety switches on machinery :
Finally, one should provide two identical loops from PC to S1 and PC to S2 ( this is the reason that the drive manufacturer provides two terminals ) - looping the two safety inputs together defeats the purpose.
One final note regarding the safety circuits, the inverter should not re-start after the safety circuits are completed following a safety stop but must be provided with a manual method of re-starting i.e. a Reset pushbutton or maybe the Start button to be pressed again.
Finally, to address Robert Atkinson 2's comment regarding the integrity of Emergency Stop switches, it is generally accepted that designers of industrial control systems will incorporate a suitable monitoring relay which is specifically designed to detect such faults ( and many others ). The Mitsubishi manual details such a system a few pages on from the normal connection drawing.
Sorry to drag this out, but our safety is of the utmost importance.
|Bob Jepp||08/04/2021 12:57:33|
|41 forum posts|
Just reading the comments regarding an NVR - again, this compromises the comcept of the dual safety circuits by degrading the safety system from a double to a single circuit. Any device connected to the safety inputs should be CE marked. There are specialist safety relays whose job it is to make guarding safety safer - they most definitely are not cheap ( something like £100 upwards depending upon the level of safeguarding required ).
7010 forum posts
A circuit matching William's requirement would be helpful. For example I'm confused about the practical implementation of: 'one should provide two identical loops from PC to S1 and PC to S2 ( this is the reason that the drive manufacturer provides two terminals ) - looping the two safety inputs together defeats the purpose.'
Also, which rules are quoted and who do they apply to? I note repeated use of the word 'should', which is advisory, rather than the far stronger 'must', which is mandatory. In a safety regime, 'should' allows judgement calls whenever the hazard level doesn't justify the need for full-on mitigation. Health and safety rarely requires 100% compliance with everything that could possibly be done to cover all eventualities. Few home workshops have written policies covering training, procedures, roles, responsibilities, and record keeping even though they 'should'! Not because we're gung-ho, but because those measures expensively address risks model engineers effectively manage in other ways. We aren't employers.
Anyone aware of a VFD starting a machine unexpectedly due to a fault? Certainly possible, but I've never seen a report. I suggest the risk is low, especially compared with an old lathe switched at the mains socket with no NVR or safety interlocks at all. Even they don't cause much trouble!
Amateur radio is much more likely to kill people than Model Engineering. Hams fall off towers and roof-tops, touch power cables with Aluminium ladders and dangling antenna, aerials collapse on them, and they get RF burns, high-voltage shocks mending big amplifiers, and are occasionally struck by lightning. Been a few murders and lost at sea disappearances too. Even so, the risk is statistically tiny compared with riding motorbikes!
|Bob Jepp||08/04/2021 19:57:25|
|41 forum posts|
Download the instruction manual from :
On page 3-14 is a table showing the control circuit specifications for input circuits. The bottom two lines detail the requirements for the control of Safety Stop S1 and S2.
" S1/S2 are safe stop signals for use with in conjunction with an approved external safety unit. Both S1/S2 must be used in dual channel form. etc... "
Page 3-24 provides the manufacturers suggested method of connection of the 'approved external safety unit ' in fig. 3-15 ( other 'approved external safety units ' are available from other manufacturers ).
Since the manufacturers specifically state that "S1/S2 are safe stop signals for use with in conjunction with an approved external safety unit", it would appear that the drive does not have the capability to perform the dual channel integrity checking.
Should we do what the manufacturer tells us ? Having been responsible for the risk assessment, design, building, commissioning and testing of hundreds of control systems for machine tools, robots and industrial automation over 40 years, I am not brave enough to depart from the manufacturers instructions. In industry, such control systems must conform the the latest legislation - at home, it's your choice, unless of course someone else is injured by your equipment in which case you will be liable.
Dave is quite correct in saying that we do not HAVE TO be 100% compliant with Health and Safety at home or in industry but the risk of injury is always there, the responsibility is yours.
Dave also says " Anyone aware of a VFD starting a machine unexpectedly due to a fault? " - this is not the point - the point is to reduce the risk to an acceptable level. Software controlled equipment is defined as unsafe with the exception of devices specifically designed, manufactured and certified for that purpose ( simplistically, such devices must be designed in a fail safe manner and must contain two completely separate systems even to the extent that some devices use a totally different design for each of the systems, different components and different software ).
"an old lathe switched at the mains socket with no NVR or safety interlocks at all." don't cause much trouble except when you have a power failure, fiddle with the machine/chuck/motor and happen to have your hands in the machine when the power comes back on again.
So, we need a realistic approach - the choice is yours ! I have dealt with second-hand machines for many years it is quite acceptable to buy and use a second-hand machine in whatever state you find it, but in industry we are covered by the Provision and Use of Work Equipment Regulations ( PUWER ) under which we are compelled to carry out a risk assessment on the equipment before allowing our employees to use it ( it has to pass the risk assessment - obviously ). This is supposed to ensure that any safety issues are dealt with before use.
At home, we are not covered by any of this legislation unless we 'substantially alter the machine' - oh yes, we just fitted an inverter ! in which case a competent person must re-assess the machines safety.
What to do and where to pitch our changes to the machine - well, I would suggest that there should be no shortcuts. Health and Safety say we are expected to 'take all reasonable steps' to ensure that the equipment is safe to operate - there is a discussion whether cost comes into the 'all reasonable steps' as excess cost may limit the 'reasonable steps'.
When we consider a normal bench drill, milling machine etc. without electronic control, we conclude that the single channel on/off system is adequate ( Start button, Stop button and NVR ), but there again, there is no software controlled device in the equation.
What would I do, the $64,000 question ! Having risk assessed the machine, I would go with my assessment - I would investigate the "re-start after a fault" situation and make my decision then ( if the drive does not restart automatically then the safety relay COULD potentially be left out, but I'm not advising that without the risk assessment ).
Lastly, Dave, in Fig. 3-15 the Emergency stop button is shown ( centre left ) - to add more safety interlocks just add them in series with the Estop contacts. The safety relay will complain if you don't have the wiring correct.
Please login to post a reply.
Want the latest issue of Model Engineer or Model Engineers' Workshop? Use our magazine locator links to find your nearest stockist!
You can contact us by phone, mail or email about the magazines including becoming a contributor, submitting reader's letters or making queries about articles. You can also get in touch about this website, advertising or other general issues.
Click THIS LINK for full contact details.
For subscription issues please see THIS LINK.