Documentation for

TwinSAFE Loader

Tool to load and adapt a TwinSAFE project

Version: 2.3.0
Date: 2019-07-22
 Table of contents

Table of contents
1 Foreword .................................................................................................................................................... 5
1.1 Notes on the documentation.............................................................................................................. 5
1.2 Safety instructions ............................................................................................................................. 6
1.2.1 Delivery state .....................................................................................................................  6
1.2.2 Operator's obligation to exercise diligence ........................................................................  6
1.2.3 Description of safety symbols ............................................................................................  7
1.3 Documentation issue status .............................................................................................................. 8

2 System description ................................................................................................................................... 9

2.1 General .............................................................................................................................................. 9
2.2 System limits...................................................................................................................................... 9

3 Product description................................................................................................................................. 10
3.1 System requirements....................................................................................................................... 10
3.1.1 Operating System ............................................................................................................  10
3.1.2 Target system ..................................................................................................................  11
3.1.3 Communication with the TwinSAFE logic component .....................................................  12
3.2 Intended use .................................................................................................................................... 13
3.3 Functioning ...................................................................................................................................... 13
3.3.1 Communication................................................................................................................  13
3.3.2 Authentication ..................................................................................................................  13
3.3.3 Loading a safety project...................................................................................................  14
3.3.4 Activation of a safety project............................................................................................  14
3.3.5 Deleting a safety project ..................................................................................................  15
3.3.6 Customizing a safety project............................................................................................  15
3.3.7 List of the current group configuration .............................................................................  16
3.3.8 Additional functions..........................................................................................................  17
3.4 List of all available parameters ........................................................................................................ 18
3.5 Safety parameters ........................................................................................................................... 18
3.6 Error codes ...................................................................................................................................... 19
3.7 FMEDA ............................................................................................................................................ 19

4 EtherCAT Mailbox Gateway .................................................................................................................... 22

4.1 Settings EtherCAT Mailbox Gateway .............................................................................................. 22
4.2 Beckhoff Virtual Ethernet Adapter ................................................................................................... 23
4.3 Adding a route ................................................................................................................................. 25

5 Appendix .................................................................................................................................................. 27
5.1 Support and Service ........................................................................................................................ 27
5.2 Certificates....................................................................................................................................... 28
5.2.1 Letter of Confirmation ......................................................................................................  28

TwinSAFE Loader Version: 2.3.0 3

Table of contents

4 Version: 2.3.0 TwinSAFE Loader

 Foreword

1 Foreword

1.1 Notes on the documentation

Intended audience

This description is only intended for the use of trained specialists in control and automation engineering who
are familiar with the applicable national standards.

It is essential that the following notes and explanations are followed when installing and commissioning
these components.

The responsible staff must ensure that the application or use of the products described satisfy all the
requirements for safety, including all the relevant laws, regulations, guidelines and standards.

Origin of the document

This documentation was originally written in German. All other languages are derived from the German
original.

Currentness

Please check whether you are using the current and valid version of this document. The current version can
be downloaded from the Beckhoff homepage at http://www.beckhoff.com/english/download/twinsafe.htm.
In case of doubt, please contact Technical Support [} 27].

Product features

Only the product features specified in the current user documentation are valid. Further information given on
the product pages of the Beckhoff homepage, in emails or in other publications is not authoritative.

Disclaimer

The documentation has been prepared with care. The products described are subject to cyclical revision. For
that reason the documentation is not in every case checked for consistency with performance data,
standards or other characteristics. We reserve the right to revise and change the documentation at any time
and without prior announcement. No claims for the modification of products that have already been supplied
may be made on the basis of the data, diagrams and descriptions in this documentation.

Trademarks

Beckhoff®, TwinCAT®, EtherCAT®, EtherCAT G®, EtherCAT G10®, EtherCAT P®, Safety over EtherCAT®,

TwinSAFE®, XFC®, XTS® and XPlanar® are registered trademarks of and licensed by Beckhoff Automation
GmbH. Other designations used in this publication may be trademarks whose use by third parties for their
own purposes could violate the rights of the owners.

Patent Pending

The EtherCAT Technology is covered, including but not limited to the following patent applications and
patents: EP1590927, EP1789857, EP1456722, EP2137893, DE102015105702 with corresponding
applications or registrations in various other countries.

TwinSAFE Loader Version: 2.3.0 5

Foreword

EtherCAT® and Safety over EtherCAT® are registered trademarks and patented technologies, licensed by
Beckhoff Automation GmbH, Germany.

Copyright

© Beckhoff Automation GmbH & Co. KG, Germany.

The reproduction, distribution and utilization of this document as well as the communication of its contents to
others without express authorization are prohibited.
Offenders will be held liable for the payment of damages. All rights reserved in the event of the grant of a
patent, utility model or design.

Delivery conditions

In addition, the general delivery conditions of the company Beckhoff Automation GmbH & Co. KG apply.

1.2 Safety instructions

1.2.1 Delivery state

All the components are supplied in particular hardware and software configurations appropriate for the
application. Modifications to hardware or software configurations other than those described in the
documentation are not permitted, and nullify the liability of Beckhoff Automation GmbH & Co. KG.

1.2.2 Operator's obligation to exercise diligence

The operator must ensure that
• the TwinSAFE products are only used as intended (see chapter Product description);
• the TwinSAFE products are only operated in sound condition and in working order.
• the TwinSAFE products are operated only by suitably qualified and authorized personnel.
• the personnel is instructed regularly about relevant occupational safety and environmental protection
aspects, and is familiar with the operating instructions and in particular the safety instructions contained
herein.
• the operating instructions are in good condition and complete, and always available for reference at the
location where the TwinSAFE products are used.
• none of the safety and warning notes attached to the TwinSAFE products are removed, and all notes
remain legible.

6 Version: 2.3.0 TwinSAFE Loader

 Foreword

1.2.3 Description of safety symbols

In these operating instructions the following instructions are used.
These instructions must be read carefully and followed without fail!

DANGER
Serious risk of injury!
Failure to follow this safety instruction directly endangers the life and health of persons.

WARNING
Risk of injury!
Failure to follow this safety instruction endangers the life and health of persons.

CAUTION
Personal injuries!
Failure to follow this safety instruction can lead to injuries to persons.

NOTE
Damage to the environment/equipment or data loss
Failure to follow this instruction can lead to environmental damage, equipment damage or data loss.

Tip or pointer
This symbol indicates information that contributes to better understanding.

TwinSAFE Loader Version: 2.3.0 7

Foreword

1.3 Documentation issue status

Version Comment
2.3.0 • Description of target system extended
• Added TwinSAFE Loader Version v7
2.2.0 • Added TwinSAFE Loader Version v6
2.1.1 • Note to Virtual Ethernet Adpater added
• Parameter --localams added
2.1.0 • Added extensions for TwinSAFE Loader, version v5
2.0.0 • Migration
• List of supported hardware updated
1.2.0 • Setting up EtherCAT Mailbox Gateway added
1.1.0 • Expanding system requirements
• Foreword updated
1.0.0 • First released version
0.0.7 • Functions Delete and Customize added
0.0.6 • Note added to FMEDA chapter
• Graphic added to Chapter 2.1
0.0.5 • Addition of the FMEDA
• Exchange of Chapters 3.2 and 3.3
0.0.4 • Resorting of chapters
0.0.3 • Chapter 3.7, CSV format added
0.0.2 • Revision of call parameters
0.0.1 • First draft

8 Version: 2.3.0 TwinSAFE Loader

 System description

2 System description

2.1 General
The TwinSAFE Loader is a software for loading a safety project to an EL69xx or EK19x0 safety controller
independently of the TwinCAT development environment. The starting point of a loading procedure is a
binary file that is exported in advance from the TwinCAT development environment.

Following the actual loading procedure, it is possible to adapt the safety project. To perform an adaptation,
the safety project must be configured accordingly in the TwinCAT development environment. The TwinSAFE
groups that are to be activated, deactivated or be passivated must be parametrized accordingly and the safe
substitute values for the outputs of the groups must be defined during the development by the programmer.
These substitute values are also part of the binary file that the programmer created after completion of the
safety program.

Fig. 1: TwinSAFE Loader - Overview

2.2 System limits

The TwinSAFE Loader software is delivered as an executable program library and is available for the
Windows and Linux operating systems. This library can be integrated into applications. The various functions
of the program library are controlled by corresponding command line parameters.

The safety project can only be loaded for the EL6900 TwinSAFE logic terminal. It is not possible to adapt the
safety project here.

The safety project can be loaded and adapted for the EL6910 TwinSAFE logic terminal, the EK1960
TwinSAFE controller and any future TwinSAFE products.

A TwinCAT version 3.1 or higher is required to create a corresponding safety project.

TwinSAFE Loader Version: 2.3.0 9

Product description

3 Product description
The TwinSAFE Loader is a program library for the loading and adaptation of a safety project for TwinSAFE
logic components. Before describing the functional mode of the product in detail, the system requirements
for the successful use of the TwinSAFE Loader are dealt with in the following section.

3.1 System requirements

3.1.1 Operating System

To run the TwinSAFE Loader, the following system requirements must be met depending on the operating
system.

3.1.1.1 Windows
No additional components are required for the operating system Windows 7 (32 bit).

The following table lists the different versions of the TwinSAFE Loader and the associated SHA checksums.
File name Operating system Version SHA Checksum
TwinSAFE_Loader.exe Win32 v1 SHA1:
3dfc76aca223f04a0e91677f2c6452df8a39a8f9
v5 SHA256:
970a4ee096e181d20cea42d700c6ded1253a61a
34c9ea00a5db6cc9ee99693f6
v6 SHA256:
177f74ae6ce036ecc0f747f1f1324cfd890c627be9
1c111429a4bf124a3a1a1d
v7 SHA256:
e8287a0c23229cedb821e3a5b56459101ca45aa
badaa185e4313bd7ad3a92d47

10 Version: 2.3.0 TwinSAFE Loader

 Product description

3.1.1.2 Linux
No additional components are required for the operating system Ubuntu 16.04.

The following table lists the different versions of the TwinSAFE Loader and the associated SHA checksums.
Filename Operating system Version SHA Checksum
TwinSAFE_Loader.bin Linux x86 64-Bit v1 SHA1:
c37f52a2fb8e3609346671feb2f60c9cba2bd2f9
v5 SHA256:
462a9f652eab4ad43fb0dbf487bb3db9fa71a596c
e339fb9fd5990f544d0a808
v6 SHA256:
972391f4aa88322dc8ffad415919ae814095ab73
49f059ffcb03e8a8c5d0f8a5
v7 SHA256:
b184816a9a17caeb1d7baca2395d30207cac463
b63638930de0dc4f20539bedf
TwinSAFE_Loader-i386.bin Linux x86 32-Bit v5 SHA256:
4b25dbd486cd56a3da411e7b1643be6834b7db5
1c3cb58bfb9caecdd36bdc9e1
v6 SHA256:
11ed882fd06dd28f19ec3a7c458fdebf87b8fdd26
9bec930a145056ece4dc835
v7 SHA256:
3af9a3a22fffa7a399c9aa5c1763ba588bc2680be
b8d3cadfd165739f4dca099

3.1.2 Target system

The supported TwinSAFE logic components can be taken from the following list:
Product name SW version
EL6900 05 or newer (Production from week 02/2014)
EL6910 01 or newer
EK1960 01 or newer
EL1918 01 or newer
EL2911 01 or newer
EP1957-0022 01 or newer
EJ6910 01 or newer
EJ1914 01 or newer
EJ1918 01 or newer
EJ2914 01 or newer
EJ2918 01 or newer
EJ1957 01 or newer

The components listed in the table above are directly supported in the current version of the TwinSAFE
loader.

NOTE
Integration of new TwinSAFE logic components
If a new TwinSAFE logic component is available which is not directly supported in the current version of the
TwinSAFE loader, it can be included by an additional configuration file.

TwinSAFE Loader Version: 2.3.0 11

Product description

To integrate a new TwinSAFE logic component, an additional file "custom_terminals.csv" must be created in
the directory of the TwinSAFE Loader execution file. This file can then be filled in the following syntax so that
new components can be supported (lines 1 and 2 are fixed). Using the example of a new logic component
ELxxxx, which is based on the TwinSAFE Logic EL6910, the file would have to be extended as shown in line
5.

File: custom_terminals.csv
1
class;type
EL6910;EL6910
EL6910;EP1957-0022
EL6910;ELxxxx

Furthermore, an updated version of this configuration file can always be found on the Beckhoff website when
new components are introduced without direct support from the TwinSAFE Loader.

3.1.3 Communication with the TwinSAFE logic component

The TwinSAFE Loader supports the following protocols for the loading or adaptation of a safety project to a
TwinSAFE logic component.

ADS over EtherCAT (AoE)

EtherCAT Mailbox Gateway

For successful communication with the TwinSAFE logic component, the TwinSAFE Loader must be able to
establish a connection with the EtherCAT master existing in the system. The following system requirements
must be fulfilled for this:

3.1.3.1 ADS over EtherCAT (AoE)

The EtherCAT master must be configured so that it accepts AoE connections (according to ETG.1020) on
port 0xBF02 (TCP/IP).

3.1.3.2 EtherCAT Mailbox Gateway

The EtherCAT master must be configured so that it accepts packets of the EtherCAT mailbox gateway
(according to ETG.8200) on port 0x88A4 (UDP/IP).

12 Version: 2.3.0 TwinSAFE Loader

 Product description

3.2 Intended use

WARNING
Risk of injury!
TwinSAFE terminals may only be used for the purposes described below!

CAUTION
Follow the machinery directive!
The TwinSAFE terminals may only be used in machines according to the machinery directive.

WARNING
Loading and adapting the project - workflow!
For loading and adapting a safety project, the user must specify a workflow in order to ensure that the cor-
rect safety project for the application is activated on the TwinSAFE logic component.

WARNING
Loading and adapting the project - authentication!
The user must ensure that only authorized persons are able to load or adapt the safety project.

3.3 Functioning
The task of the TwinSAFE Loader is to load a safety project to a TwinSAFE logic component independently
of the TwinCAT development environment or to adapt a safety project already existing on a TwinSAFE logic
component.

The data packets necessary for this are transmitted via the EtherCAT master existing in the system to the
corresponding component. The functions of the TwinSAFE Loader are controlled by command line
parameters.

3.3.1 Communication
The following parameters must be used to control communication.

Command line parameters Description

--gw <IPv4 address> Specification of the IPv4 address of the EtherCAT
mailbox gateway or, in AoE mode, the IPv4 address
of the EtherCAT master. As of version v5, the
EtherCAT master can also be addressed via the host
name in AoE mode.
--ams <NetId> Specification of the AmsNetID, if ADS over EtherCAT
(AoE) is to be used.
--localams <NetId> if --ams is used the local AMSNetID can be specified.
If the parameter is not used, the AmsNetID is formed
from its own IP address + ".1.1".

3.3.2 Authentication
The following parameters must be used to authenticate a user on the TwinSAFE logic.

Command line parameters Description

--user <user name> Name of the user with the appropriate rights to
perform the desired function.
--pass <password> Password of the user.

TwinSAFE Loader Version: 2.3.0 13

Product description

User management
Each TwinSAFE logic component has its own user administration. Only users registered in the
TwinSAFE logic component can perform certain functions.

3.3.3 Loading a safety project

The following parameters must be used to load a safety project.
Command line parameters Description
--slave <EtherCat address of the EtherCAT Specification of the EtherCAT slave address of the
slave> TwinSAFE logic component.
--proj <path to the binary file> Specification of the path to the binary file of the safety
project.

WARNING
Loading a safety project
The loading of a safety project typically consists of a two-step process. The safety project must be activated
after loading it to the TwinSAFE logic component.
This division of the process enables measures to be taken to ensure that the correct safety project for the
respective application on the TwinSAFE logic component is switched to active. The user must define these
measures. The user shall bear full responsibility to provide proof for the accuracy and efficacy of these
measures. See also Chapter FMEDA [} 19].
In the TwinCAT development environment, for example, the checksum of the transferred safety project is
checked and a repeat login carried out before the safety project is really enabled (see chapter Intended use
[} 13]).

The loading of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --user Administrator --pass TwinSAFE --slave 1007 --proj ./
example.bin

Fig. 2: Call to load a safety project

3.3.4 Activation of a safety project

The following parameters must be used to activate a safety project.

Command line parameters Description

--slave <EtherCat address of the EtherCAT slave>
--proj <path to the binary file>
--crc <project CRC of the safety project to be
activated>
Specification of the EtherCAT slave address of the
TwinSAFE logic component.
Specification of the path to the binary file of the safety
project.
Specification of the project CRC of the safety project
to be activated.

The activation of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.117 --ams 192.168.1.117.2.1 --user Administrator --pass TwinSAFE --
slave 1007 --proj ./example.bin --crc 0x4273

14 Version: 2.3.0 TwinSAFE Loader

 Product description

Fig. 3: Call to activate a safety project

3.3.5 Deleting a safety project

The following parameters must be used to delete a safety project.

Command line parameters Description

--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the
TwinSAFE logic component.
--delete Command to delete the project

The deletion of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --user Administrator --pass TwinSAFE --slave 1007 --delete

Fig. 4: Call to delete a safety project

3.3.6 Customizing a safety project

The following parameters must be used to customize a safety project.

Command line parameters Description

--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the
TwinSAFE logic component.
--customize <path to csv file> Specification of the path to the csv file for the group
configuration

The customizing of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --user Administrator --pass TwinSAFE --slave 1007 --customize ./
groupconfig.csv

Fig. 5: Call to customize a safety project

3.3.6.1 CSV format of the group configuration

The CSV file for the customization consists of several lines of ASCII text, whose columns are separated by
semicolons. The column order is fixed and includes the following information

1st column: ID of the TwinSAFE group

2nd column: Indicates whether the group should be activated
3rd column: Indicates whether the group can and should be passivated
4th column: Indicates whether the group can and should be temporarily deactivated
5th column: Indicates whether the group can and should be permanently deactivated

The first line contains an unsigned integer, which is interpreted as the version number of the csv format:

TwinSAFE Loader Version: 2.3.0 15

Product description

"1"

The second line contains the header:

"id;activate;passivate;temporarily;permanent"

The (2+n)th line contains the configuration of the nth TwinSAFE group in the format:

<id>;[AE];[ADE]; [ADE]; [ADE]

A: Active

D: cannot be activated

E: can be activated, but is currently inactive

Example Logic Terminal Listing (Tabular form)

1
id; activate; passivate; temporarily; permanent
1; E; E; E; A
2; E; A; D; D

Example of TwinSAFE group configuration (plain text)

1
id;activate;passivate;temporarily;permanent
1;E;E;E;A
2;E;A;D;D

This is a version-1 csv format;

The file contains a configuration for a TwinSAFE project with 2 groups.

1. The first group can be activated, passivated, temporarily deactivated and permanently deactivated. Its
current state is permanently deactivated.
2. The second group can only be activated or passivated. Its current state is passivated.

3.3.7 List of the current group configuration

The following parameters must be used to list the groups of a safety project.

Command line parameters Description

--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the
TwinSAFE logic component.
--list <file name> Saves the list of the group configuration as a CSV list
in the specified file.

The listing of the groups of a safety project takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --user Administrator --pass TwinSAFE --slave 1007 --list ./
groupconfig.csv

Fig. 6: Call to list the groups of a safety project

3.3.7.1 CSV format of the group configuration

The csv format corresponds to the csv format from chapter 3.3.6.1 [} 15].

16 Version: 2.3.0 TwinSAFE Loader

 Product description

3.3.8 Additional functions

The following additional functions can be used via parameters.

Command line parameters Description

--list <file name> Saves the list of all available slaves as a CSV list in
the specified file.

The listing of the available slaves takes place, for example, as shown in the following call:
TwinSAFE_Loader --gw 192.168.1.254 --list ./safetyterminals.csv

3.3.8.1 CSV format of the list of all available slaves

The CSV file listing the compatible EtherCAT slaves consists of several lines of ASCII text, whose columns
are separated by semicolons. The column order is fixed and includes the following information

1st column: EtherCat address of the slave

2nd column: FsoE address of the slave
3rd column: Terminal type of the slave
4th column: Project CRC of the project currently active on the slave
5th column: Name of the EtherCAT slave in TwinCAT

The first line contains the header:

"EtherCAT address; "FSoE address; type; project crc; name"

The (1+n)th row contains the configuration of the nth EtherCAT slave in the format:

<EtherCAT address>;<FSoE address>;<Type>;<Project CRC>;<Name>

Sample Logic Terminal Listing (Tabular form)

EtherCAT address; FSoE address; type; project crc; name;

1001; 1; EL6900; 0x0; Term 2 (EL6900)
1003; 3; EL6910; 0x0; Term 4 (EL6910)
1004; 50; EL6930; 0x4539; Term 5 (EL6930)

Sample Logic Terminal Listing (Clear text)

EtherCAT address;FSoE address;type;project crc;name
1001;1;EL6900;0x0;Term 2 (EL6900)
1003;3;EL6910;0x0;Term 4 (EL6910)
1004;50;EL6930;0x4539;Term 5 (EL6930)

The file contains a listing of three logic terminals

1. The first logic terminal is accessible via the EtherCAT address "1001", it has the FSoE address "1", it
is of the type "EL6900", no project is currently active on it ("0x0") and it is called "Term 2 (EL6900)"
2. The second logic terminal is accessible via the EtherCAT address "1003", it has the FSoE address "3",
it is of the type "EL6910", no project is currently active on it ("0x0") and it is called "Term 4 (EL6910)"
3. The third logic terminal is accessible via the EtherCAT address "1004", it has the FSoE address "50",
it is of the type "EL6930", the project with the CRC "0x4539" is currently active on it and it is called
"Term 5 (EL6930)"

TwinSAFE Loader Version: 2.3.0 17

Product description

3.4 List of all available parameters

Command line parameters Description
--gw <IPv4 address> Specification of the IPv4 address of the EtherCAT
mailbox gateway or, in AoE mode, the IPv4 address
of the EtherCAT master.
--ams <NetId> Specification of the AmsNetID, if ADS over EtherCAT
(AoE) is to be used.
--localams <local AMSNetID> if --ams is used the local AMSNetID can be specified.
If the parameter is not used, the AmsNetID is formed
from its own IP address + ".1.1".
--user <user name> Name of the user with the appropriate rights to
perform the desired function.
--pass <password> Password of the user.
--slave <EtherCat address of the EtherCAT slave> Specification of the EtherCAT slave address of the
TwinSAFE logic component.
--proj <path to the binary file> Specification of the path to the binary file of the safety
project.
--crc <project CRC of the safety project to be Specification of the project CRC of the safety project
activated> to be activated.
--list <file name> Together with the command parameter --gw:
Saves the list of all available slaves as a CSV list in
the specified file.
--list <file name> Together with the command parameters --gw and --
slave:
saves the list of the group configuration as a CSV list
in the specified file.
--customize <path to csv file> Specification of the path to the csv file for the group
configuration
--delete Command to delete the project

3.5 Safety parameters

The product is classified in accordance with IEC 61508:2010 as a T2 tool.

18 Version: 2.3.0 TwinSAFE Loader

 Product description

3.6 Error codes

The product has the following error codes.
Error code Meaning Possible cause
0x0000 No error Action successfully carried out
0x0001 Invalid parameter Command-line parameter was incorrect
0x0002 File does not exist or is corruptedProject file is corrupted or the specified path is invalid
0x0003 Login failed The specified user name or password is invalid on the logic
terminal
0x0004 Unknown EtherCAT slave No slave could be found for the specified EtherCAT
address
0x0005 Error during the data transmission The communication connection was disconnected

3.7 FMEDA
The following table contains the FMEDA for the TwinSAFE loader. The errors are described in the
FailureMode column, in Effect the effect and in Diagnostics how the errors are detected or not detected.

CAUTION
FMEDA
The last column, User measures required of the following table indicates whether the user has to take ac-
tion to handle the errors described under FailureMode in a safe manner. These measures must be defined
and implemented by the user in the form of e.g. process descriptions or software specifications. The user
shall bear full responsibility to provide proof for the accuracy and efficacy of these measures.

TwinSAFE Loader Version: 2.3.0 19

Product description

FMEDA FailureMode Effect Diagnostics User mea-

ID sures required
1 A download with a defec- Prior to the actual download the current During the download the checksums No
tive project file is starting. safety project is deleted by the tool. The of the download packages are
download with the new project file is car- checked by the target system. The
ried out by the tool. download is canceled in the event of
discrepancy of the checksums..
2 A download with a project Download will be carried out completely Activation only occurs if the project Yes
file is starting which does and validly by the tool, but it won’t be acti- CRC of the activation record matches
not contain the expect vated yet. the project CRC of the target system.
project. A discrepancy leads to cancellation
of the activation.

11 A download and an acti- Download will be carried out completely Activation only occurs if the secure No
vation of the project are and validly by the tool, but it won’t be acti- address in the activation record
being carried out on a tar- vated yet. matches the secure address of the
get system which was not target system. A discrepancy leads to
intended from the point of cancellation of the activation.
view of the secure ad-
dress.
3 The download and the Download is carried out completely and Error is not detected by the tool. Yes
activation are being car- validly by the tool.
ried out with an unex-
pected project.

5 A user is attempting to Prior to start of the actual download Invalid access data is detected on the No
carry out a download with process a login is carried out with the in- target system during the login, the
false access data. valid access data on the target system. download is refused and a feedback
is given to the tool.
7 An unauthorized user is The download is successfully carried out. Error is not detected by the tool. Yes
attempting to carry out a
download with valid ac-
cess data.

13 Customizing is being car- The customizing is successfully carried Error is not detected by the tool. Yes
ried out by an unautho- out.
rized user with valid ac-
cess data.

14 Customizing is being car- Prior to starting the actual customizing Invalid access data is detected on the No
ried out by a user with process a login is carried out on the target target system during the login, cus-
false access data. system with the invalid access data. tomizing is refused and a feedback is
given to the tool.
8 Customizing record is be- The customizing is successfully carried Error is not detected by the tool. Yes
ing incorrectly transmit- out.
ted.

12 The wrong customizing Customizing action is carried out com- Error is not detected by the tool. Yes
record is being transmit- pletely and validly by the tool.
ted.

9 A communication connec- No action is executed on the target sys- An error code indicates a communi- No
tion cannot be estab- tem. cation error.
lished with the target sys-
tem.
15 While carrying out the Prior to the actual download the current An error code indicates the cancella- No
download the communi- safety project is deleted by the tool. The tion of the action.
cation connection to the download of a safety project only leads to
target system is can- a successful change of the active safety
celed. project if all steps of the download were
correctly carried out and the safety project
was activated. A cancellation of this
process leads to an empty target system.
16 While carrying out the The customizing is carried out by a single An error code indicates the cancella- No
customizing the commu- transaction. If this transaction is inter- tion of the action.
nication connection to the rupted, no action will be carried out on the
target system is can- target system. If the transaction is carried
celed. out, the correct action takes place on the
target system (provided there are no fur-
ther errors such as e.g. FMEDA ID 8).

20 Version: 2.3.0 TwinSAFE Loader

 Product description

FMEDA FailureMode Effect Diagnostics User mea-

ID sures required
10 The execution of the tool Prior to the actual download the current A successful download includes the Yes
is unexpectedly inter- safety project is deleted by the tool. The login on the target system, the dele-
rupted during the down- download of a safety project only leads to tion of the existing safety project, the
load of a safety project. a successful change of the active safety download of the new safety project
project if all steps of the download were and the activation of the new safety
correctly carried out and the safety project project. Only the successful execu-
was activated. A cancellation of this tion of all of the steps results in a
process leads to an empty target system. valid change of the safety project.
18 The execution of the tool The customizing is carried out by a single Current configuration data of the tar- Yes
is unexpectedly inter- transaction. If this transaction is inter- get system.
rupted during the cus- rupted, no action will be carried out on the
tomizing of a safety target system. If the transaction is carried
project. out, the correct action takes place on the
target system (provided there are no fur-
ther errors such as e.g. FMEDA ID 8).
24 A file is being specified No action is executed on the target sys- If the tool detects an unexpected No
for the customizing that tem. character during the processing of a
does not correspond to CSV file, further processing is can-
the CSV format. celed and an error is reported.

TwinSAFE Loader Version: 2.3.0 21

EtherCAT Mailbox Gateway

4 EtherCAT Mailbox Gateway

The EtherCAT Mailbox Gateway is required to access TwinSAFE logic components when ADS cannot be
used for communication.

The following description shows which settings must be made by way of example in order to be able to
communicate via the EtherCAT Mailbox Gateway.

The configuration for using the EtherCAT Mailbox Gateway consists of a TwinSAFE Loader PC on which the
TwinSAFE Loader is installed and a TwinCAT PC which serves as a gateway to route the requests from the
TwinSAFE Loader PC to the EtherCAT network and to the TwinSAFE logic components.

Fig. 7: EtherCAT Mailbox Gateway

4.1 Settings EtherCAT Mailbox Gateway

Activation of the EtherCAT Mailbox Gateway is performed via the advanced settings of the EtherCAT master.
These can be found under the EtherCAT tab when the EtherCAT master is selected in the TwinCAT tree
structure.

The settings for the EtherCAT Mailbox Gateway are summarized under the entry EoE Support. The Virtual
Ethernet Switch, Connect to TCP / IP Stack, and IP Enable Router must be enabled. In addition, the
EtherCAT Mailbox Gateway must be activated and an IP address outside the existing networks must be
selected. These settings require a restart of the TwinCAT PC.

22 Version: 2.3.0 TwinSAFE Loader

 EtherCAT Mailbox Gateway

Fig. 8: EoE Support

Whether these settings are correct should be checked locally with the ping command on the TwinCAT
computer. In this case, the command would read as follows:
ping 192.198.67.254

Fig. 9: The command ping 192.198.67.254

4.2 Beckhoff Virtual Ethernet Adapter

If the ping command has not yet delivered a positive result, it may be that the Beckhoff Virtual Ethernet
Adapter has yet to be configured.

To do this, open the network settings and select the Properties via the context menu of the Beckhoff Virtual
Ethernet Adapter.

TwinSAFE Loader Version: 2.3.0 23

EtherCAT Mailbox Gateway

Fig. 10: Network settings - context menu of the Beckhoff virtual Ethernet adapter

Beckhoff Virtual Ethernet Adapter

If there is no Virtual Ethernet adapter in the system listed, an EoE device (e.g. EL6601) can be
added under TwinCAT. Under the Extended EtherCAT settings of this device, under EoE the Virtual
Ethernet port can be activated.

In the properties of this network adapter, you set a fixed IP address that is within the network area of the
EtherCAT Mailbox Gateway. In the example, this is the IP address 192.198.67.13 with the subnet mask
255.255.255.0.

Fig. 11: Properties of the Beckhoff virtual Ethernet adapter

24 Version: 2.3.0 TwinSAFE Loader

 EtherCAT Mailbox Gateway

Whether this setting is correct should be checked again with the ping command locally on the TwinCAT
computer. The command would again be as follows:
ping 192.198.67.254

4.3 Adding a route

After all settings on the TwinCAT PC have been carried out and the local execution of the ping command
has been successful, an IP route has to be added to the TwinSAFE Loader PC.

The route is added by command route add from the command line.

The command prompt to add a route must be started as an administrator.

Fig. 12: Start the Windows command prompt as administrator

The route is then added using the following command:

route add 192.198.67.0 mask 255.255.255.0 172.17.42.29

The command returns an OK! when adding the route was successful.

The current routes can be displayed using the route print 192.198.* command.

TwinSAFE Loader Version: 2.3.0 25

EtherCAT Mailbox Gateway

Fig. 13: Windows command prompt

To check the function, a ping command should now be sent from the TwinSAFE Loader PC to the EtherCAT
Mailbox Gateway.
ping 192.198.67.254

Fig. 14: Windows command prompt - command ping 192.198.67.254

If the ping command returns a positive result, the EtherCAT Mailbox Gateway can also be used with the
TwinSAFE Loader.

26 Version: 2.3.0 TwinSAFE Loader

 Appendix

5 Appendix

5.1 Support and Service

Beckhoff and their partners around the world offer comprehensive support and service, making available fast
and competent assistance with all questions related to Beckhoff products and system solutions.

Beckhoff's branch offices and representatives

Please contact your Beckhoff branch office or representative for local support and service on Beckhoff
products!

The addresses of Beckhoff's branch offices and representatives round the world can be found on her internet
pages:
http://www.beckhoff.com

You will also find further documentation for Beckhoff components there.

Beckhoff Headquarters

Beckhoff Automation GmbH & Co. KG

Huelshorstweg 20
33415 Verl
Germany
Phone: +49 5246 963 0
Fax: +49 5246 963 198
e-mail: [email protected]

Beckhoff Support

Support offers you comprehensive technical assistance, helping you not only with the application of
individual Beckhoff products, but also with other, wide-ranging services:
• support
• design, programming and commissioning of complex automation systems
• and extensive training program for Beckhoff system components
Hotline: +49 5246 963 157
Fax: +49 5246 963 9157
e-mail: [email protected]

Beckhoff Service

The Beckhoff Service Center supports you in all matters of after-sales service:
• on-site service
• repair service
• spare parts service
• hotline service
Hotline: +49 5246 963 460
Fax: +49 5246 963 479
e-mail: [email protected]

TwinSAFE Loader Version: 2.3.0 27

Appendix

5.2 Certificates

5.2.1 Letter of Confirmation

28 Version: 2.3.0 TwinSAFE Loader

 Table of figures

Table of figures
Fig. 1 TwinSAFE Loader - Overview ..................................................................................................... 9
Fig. 2 Call to load a safety project ......................................................................................................... 14
Fig. 3 Call to activate a safety project.................................................................................................... 15
Fig. 4 Call to delete a safety project ...................................................................................................... 15
Fig. 5 Call to customize a safety project ................................................................................................ 15
Fig. 6 Call to list the groups of a safety project...................................................................................... 16
Fig. 7 EtherCAT Mailbox Gateway ........................................................................................................ 22
Fig. 8 EoE Support ................................................................................................................................ 23
Fig. 9 The command ping 192.198.67.254 ............................................................................................ 23
Fig. 10 Network settings - context menu of the Beckhoff virtual Ethernet adapter .................................. 24
Fig. 11 Properties of the Beckhoff virtual Ethernet adapter ..................................................................... 24
Fig. 12 Start the Windows command prompt as administrator ................................................................ 25
Fig. 13 Windows command prompt ......................................................................................................... 26
Fig. 14 Windows command prompt - command ping 192.198.67.254 .................................................... 26

TwinSAFE Loader Version: 2.3.0 29