FBI2B4S1中文资料

美国fbi
美国联邦调查局
美国的情报机构之一
美国联邦调查局，是世界著名的美国最重要的情报机构之一，隶属于美国司法部，英文全称Federal Bureau of Invetigation, 英文缩写FBI。

“FBI”不仅是美国联邦调查局的缩写，还代表
着该局坚持贯彻的信條——忠诚 (Fidelity)、勇敢 (Bravery) 和
正直(Integrity),象征联邦警察。

五大影响社会的方面享有最高优先权:反暴行，毒品/有组织犯罪，外国反间谍活动，暴力犯罪和白领阶层犯罪等方面享有最高优先权。

2017年8月1日，克里斯托弗雷(Christopher Wray)正式出任
美国联邦调查局(FBI)局长。

1 Features•Single2.7V-3.6V Supply•Serial Peripheral Interface(SPI)Compatible•Page Program Operation–Single CycleReprogram(Erase and Program)–1024Pages(264Bytes/Page)Main Memory•Supports Page and Block Erase Operations•Two264-byte SRAM Data Buffers–Allows Receiving of Datawhile Reprogramming of Nonvolatile Memory•Continuous Read Capability through Entire Array–Ideal for Code Shadowing Applications•Low Power Dissipation–4mA Active Read Current Typical–2µA CMOS Standby Current Typical•20MHz Max Clock Frequency•Hardware Data Protection Feature•100%Compatible to AT45DB021and AT45DB021A• 5.0V-tolerant Inputs:SI,SCK,CS,RESET and WP Pins•Commercial and Industrial Temperature RangesDescriptionThe AT45DB021B is a2.7-volt only,serial interface Flash memory ideally suited fora wide variety of digital voice-,image-,program code-and data-storage applications.Its2,162,688bits of memory are organized as1024pages of264bytes each.In addi-tion to the main memory,the AT45DB021B also contains two SRAM data buffersof264bytes each.The buffers allow receiving of data while a page in the main mem-ory is being reprogrammed,as well as reading or writing a continuous data stream.Pin ConfigurationsCBGA Top Viewthrough PackageTSOP T op ViewT ype128-SOIC8-SOIC2AT45DB021B1937F –DFLSH –10/02EEPROM emulation (bit or byte alterability)is easily handled with a self-contained three step Read-Modify-Write operation.Unlike conventional Flash memories that are accessed randomly with multiple address lines and a parallel interface,the DataFlash uses a SPI serial interface to sequentially access its data.DataFlash supports SPI mode 0and mode 3.The simple serial interface facilitates hardware layout,increases system reliability,minimizes switching noise,and reduces package size and active pin count.The device is optimized for use in many commercial and industrial applications where high density,low pin count,low voltage,and low power are essential.The device oper-ates at clock frequencies up to 20MHz with a typical active read current consumption of 4mA.To allow for simple in-system reprogrammability,the AT45DB021B does not require high input voltages for programming.The device operates from a single power supply,2.7V to 3.6V,for both the program and read operations.The AT45DB021B is enabled through the chip select pin (CS)and accessed via a three-wire interface consisting of the Serial Input (SI),Serial Output (SO),and the Serial Clock (SCK).All programming cycles are self-timed,and no separate erase cycle is required before programming.When the device is shipped from Atmel,the most significant page of the memory array may not be erased.In other words,the contents of the last page may not be filled with FFH.Block DiagramMemory ArrayTo provide optimal flexibility,the memory array of the AT45DB021B is divided into three levels of granularity comprised of sectors,blocks and pages.The Memory Architecture Diagram illustrates the breakdown of each level and details the number of pages per sector and block.All program operations to the DataFlash occur on a page-by-page basis;however,the optional erase operations can be performed at the block or page level.3AT45DB021B1937F –DFLSH –10/02Memory Architecture DiagramDevice OperationThe device operation is controlled by instructions from the host processor.The list of instructions and their associated opcodes are contained in Tables 1through 4(pages 10and 11).A valid instruction starts with the falling edge of CS followed by the appropriate 8-bit opcode and the desired buffer or main memory address location.While the CS pin is low,toggling the SCK pin controls the loading of the opcode and the desired buffer or main memory address location through the SI (serial input)pin.All instructions,addresses,and data are transferred with the most significant bit (MSB)first.Buffer addressing is referenced in the datasheet using the terminology BFA8-BFA0to denote the nine address bits required to designate a byte address within a buffer.Main memory addressing is referenced using the terminology PA9-PA0and BA8-BA0where PA9-PA0denotes the 10address bits required to designate a page address and BA8-BA0denotes the nine address bits required to designate a byte address within the page.Read CommandsBy specifying the appropriate opcode,data can be read from the main memory or from either one of the two data buffers.The DataFlash supports two categories of read modes in relation to the SCK signal.The differences between the modes are in respect to the inactive state of the SCK signal as well as which clock cycle data will begin to be output.The two categories,which are comprised of four modes total,are defined as Inactive Clock Polarity Low or Inactive Clock Polarity High and SPI Mode 0or SPI Mode 3.A separate opcode (refer to Table 1on page 10for a complete list)is used to select which category will be used for reading.Please refer to the “Detailed Bit-level Read Timing ”diagrams in this datasheet for details on the clock cycle sequences for each mode.CONTINUOUS ARRAY READ:By supplying an initial starting address for the main memory array,the Continuous Array Read command can be utilized to sequentially read a continuous stream of data from the device by simply providing a clock signal;no additional addressing information or control signals need to be provided.The DataFlash incorporates an internal address counter that will automatically increment on every clock4AT45DB021B1937F –DFLSH –10/02cycle,allowing one continuous read operation without the need of additional address sequences.To perform a continuous read,an opcode of 68H or E8H must be clocked into the device followed by 24address bits and 32don ’t care bits.The first five bits of the 24-bit address sequence are reserved for upward and downward compatibility to larger and smaller density devices (see Notes under “Command Sequence for Read/Write Operations ”diagram).The next 10address bits (PA9-PA0)specify which page of the main memory array to read,and the last nine bits (BA8-BA0)of the 24-bit address sequence specify the starting byte address within the page.The 32don ’t care bits that follow the 24address bits are needed to initialize the read operation.Following the 32don ’t care bits,additional clock pulses on the SCK pin will result in serial data being output on the SO (serial output)pin.The CS pin must remain low during the loading of the opcode,the address bits,the don ’t care bits,and the reading of data.When the end of a page in main memory is reached during a Continuous Array Read,the device will continue reading at the beginning of the next page with no delays incurred during the page boundary crossover (the crossover from the end of one page to the beginning of the next page).When the last bit in the main memory array has been read,the device will continue reading back at the begin-ning of the first page of memory.As with crossing over page boundaries,no delays will be incurred when wrapping around from the end of the array to the beginning of the array.A low-to-high transition on the CS pin will terminate the read operation and tri-state the SO pin.The maximum SCK frequency allowable for the Continuous Array Read is defined by the f CAR specification.The Continuous Array Read bypasses both data buff-ers and leaves the contents of the buffers unchanged.MAIN MEMORY PAGE READ:A Main Memory Page Read allows the user to read data directly from any one of the 1024pages in the main memory,bypassing both of the data buffers and leaving the contents of the buffers unchanged.To start a page read,an opcode of 52H or D2H must be clocked into the device followed by 24address bits and 32don ’t care bits.The first five bits of the 24-bit address sequence are reserved bits,the next 10address bits (PA9-PA0)specify the page address,and the next nine address bits (BA8-BA0)specify the starting byte address within the page.The 32don ’t care bits which follow the 24address bits are sent to initialize the read operation.Following the 32don ’t care bits,additional pulses on SCK result in serial data being output on the SO (serial output)pin.The CS pin must remain low during the loading of the opcode,the address bits,the don ’t care bits and the reading of data.When the end of a page in main memory is reached during a Main Memory Page Read,the device will continue reading at the beginning of the same page.A low-to-high transition on the CS pin will terminate the read operation and tri-state the SO pin.BUFFER READ:Data can be read from either one of the two buffers,using different opcodes to specify which buffer to read from.An opcode of 54H or D4H is used to read data from buffer 1,and an opcode of 56H or D6H is used to read data from buffer 2.To perform a Buffer Read,the eight bits of the opcode must be followed by 15don ’t care bits,nine address bits,and eight don ’t care bits.Since the buffer size is 264-bytes,nine address bits (BFA8-BFA0)are required to specify the first byte of data to be read from the buffer.The CS pin must remain low during the loading of the opcode,the address bits,the don ’t care bits and the reading of data.When the end of a buffer is reached,the device will continue reading back at the beginning of the buffer.A low-to-high transition on the CS pin will terminate the read operation and tri-state the SO pin.5AT45DB021B1937F –DFLSH –10/02STATUS REGISTER READ:The status register can be used to determine the device ’s ready/busy status,the result of a Main Memory Page to Buffer Compare operation,or the device density.To read the status register,an opcode of 57H or D7H must be loaded into the device.After the last bit of the opcode is shifted in,the eight bits of the status register,starting with the MSB (bit 7),will be shifted out on the SO pin during the next eight clock cycles.The five most-significant bits of the status register will contain device information,while the remaining three least-significant bits are reserved for future use and will have undefined values.After bit 0of the status register has been shifted out,the sequence will repeat itself (as long as CS remains low and SCK is being tog-gled)starting again with bit 7.The data in the status register is constantly updated,so each repeating sequence will output new data.Ready/Busy status is indicated using bit 7of the status register.If bit 7is a 1,then the device is not busy and is ready to accept the next command.If bit 7is a 0,then the device is in a busy state.The user can continuously poll bit 7of the status register by stopping SCK at a low level once bit 7has been output.The status of bit 7will continue to be output on the SO pin,and once the device is no longer busy,the state of SO will change from 0to 1.There are eight operations that can cause the device to be in a busy state:Main Memory Page to Buffer Transfer,Main Memory Page to Buffer Compare,Buffer to Main Memory Page Program with Built-in Erase,Buffer to Main Memory Page Program without Built-in Erase,Page Erase,Block Erase,Main Memory Page Program,and Auto Page Rewrite.The result of the most recent Main Memory Page to Buffer Compare operation is indi-cated using bit 6of the status register.If bit 6is a 0,then the data in the main memory page matches the data in the buffer.If bit 6is a 1,then at least one bit of the data in the main memory page does not match the data in the buffer.The device density is indicated using bits 5,4,3and 2of the status register.For the AT45DB021B,the four bits are 0,1,0and 1.The decimal value of these four binary bits does not equate to the device density;the four bits represent a combinational code relating to differing densities of Serial DataFlash devices,allowing a total of sixteen dif-ferent density configurations.Program and Erase CommandsBUFFER WRITE:Data can be shifted in from the SI pin into either buffer 1or buffer 2.To load data into either buffer,an 8-bit opcode,84H for buffer 1or 87H for buffer 2,must be followed by 15don't care bits and nine address bits (BFA8-BFA0).The nine address bits specify the first byte in the buffer to be written.The data is entered following the address bits.If the end of the data buffer is reached,the device will wrap around back to the beginning of the buffer.Data will continue to be loaded into the buffer until a low-to-high transition is detected on the CS pin.BUFFER TO MAIN MEMORY PAGE PROGRAM WITH BUILT -IN ERASE:Data written into either buffer 1or buffer 2can be programmed into the main memory.To start the operation,an 8-bit opcode (83H for buffer 1or 86H for buffer 2)must be followed by the five reserved bits,10address bits (PA9-PA0)that specify the page in the main memory to be written,and nine additional don ’t care bits.When a low-to-high transition occurs on the CS pin,the part will first erase the selected page in main memory to all 1s and then program the data stored in the buffer into the specified page in the main memory.Both the erase and the programming of the page are internally self-timed and should takeStatus Register Format6AT45DB021B1937F –DFLSH –10/02place in a maximum time of t EP .During this time,the status register will indicate that the part is busy.BUFFER TO MAIN MEMORY PAGE PROGRAM WITHOUT BUILT-IN ERASE:A previ-ously erased page within main memory can be programmed with the contents of either buffer 1or buffer 2.To start the operation,an 8-bit opcode (88H for buffer 1or 89H for buffer 2)must be followed by the five reserved bits,10address bits (PA9-PA0)that specify the page in the main memory to be written,and nine additional don ’t care bits.When a low-to-high transition occurs on the CS pin,the part will program the data stored in the buffer into the specified page in the main memory.It is necessary that the page in main memory that is being programmed has been previously erased.The programming of the page is internally self-timed and should take place in a maximum time of t P .Dur-ing this time,the status register will indicate that the part is busy.Successive page programming operations without doing a page erase are not recom-mended.In other words,changing bytes within a page from a “1”to a “0”during multiple page programming operations without erasing that page is not recommended.PAGE ERASE:The optional Page Erase command can be used to individually erase any page in the main memory array allowing the Buffer to Main Memory Page Program without Built-in Erase command to be utilized at a later time.To perform a Page Erase,an opcode of 81H must be loaded into the device,followed by five reserved bits,ten address bits (PA9-PA0),and nine don ’t care bits.The ten address bits are used to spec-ify which page of the memory array is to be erased.When a low-to-high transition occurs on the CS pin,the part will erase the selected page to 1s.The erase operation is inter-nally self-timed and should take place in a maximum time of t PE .During this time,the status register will indicate that the part is busy.BLOCK ERASE:A block of eight pages can be erased at one time allowing the Buffer to Main Memory Page Program without Built-in Erase command to be utilized to reduce programming times when writing large amounts of data to the device.To perform a Block Erase,an opcode of 50H must be loaded into the device,followed by five reserved bits,seven address bits (PA9-PA3),and 12don ’t care bits.The seven address bits are used to specify which block of eight pages is to be erased.When a low-to-high transition occurs on the CS pin,the part will erase the selected block of eight pages to 1s.The erase operation is internally self-timed and should take place in a maximum time of t BE .During this time,the status register will indicate that the part is busy.Block Erase AddressingPA9PA8PA7PA6PA5PA4PA3PA2PA1PA0Block 0000000X X X 00000001X X X 10000010X X X 20000011X X X 3•••••••••••••••••••••••••••••••••1111100X X X 1241111101X X X 1251111110X X X 1261111111XXX1277AT45DB021B1937F –DFLSH –10/02MAIN MEMORY PAGE PROGRAM THROUGH BUFFER:This operation is a combina-tion of the Buffer Write and Buffer to Main Memory Page Program with Built-in Erase operations.Data is first shifted into buffer 1or buffer 2from the SI pin and then pro-grammed into a specified page in the main memory.To initiate the operation,an 8-bit opcode (82H for buffer 1or 85H for buffer 2)must be followed by the five reserved bits and 20address bits.The 10most-significant address bits (PA9-PA0)select the page in the main memory where data is to be written,and the next nine address bits (BFA8-BFA0)select the first byte in the buffer to be written.After all address bits are shifted in,the part will take data from the SI pin and store it in one of the data buffers.If the end of the buffer is reached,the device will wrap around back to the beginning of the buffer.When there is a low-to-high transition on the CS pin,the part will first erase the selected page in main memory to all 1s and then program the data stored in the buffer into the specified page in the main memory.Both the erase and the programming of the page are internally self-timed and should take place in a maximum of time t EP .During this time,the status register will indicate that the part is busy.Additional CommandsMAIN MEMORY PAGE TO BUFFER TRANSFER:A page of data can be transferred from the main memory to either buffer 1or buffer 2.To start the operation,an 8-bit opcode,53H for buffer 1and 55H for buffer 2,must be followed by the five reserved bits,10address bits (PA9-PA0)which specify the page in main memory that is to be trans-ferred,and nine don ’t care bits.The CS pin must be low while toggling the SCK pin to load the opcode,the address bits,and the don ’t care bits from the SI pin.The transfer of the page of data from the main memory to the buffer will begin when the CS pin transi-tions from a low to a high state.During the transfer of a page of data (t XFR ),the status register can be read to determine whether the transfer has been completed or not.MAIN MEMORY PAGE TO BUFFER COMPARE:A page of data in main memory can be compared to the data in buffer 1or buffer 2.To initiate the operation,an 8-bit opcode (60H for buffer 1and 61H for buffer 2)must be followed by 24address bits consisting of the five reserved bits,10address bits (PA9-PA0)which specify the page in the main memory that is to be compared to the buffer,and nine don ’t care bits.The CS pin must be low while toggling the SCK pin to load the opcode,the address bits and the don ’t care bits from the SI pin.On the low-to-high transition of the CS pin,the 264bytes in the selected main memory page will be compared with the 264bytes in buffer 1or buffer 2.During this time (t XFR ),the status register will indicate that the part is busy.On comple-tion of the compare operation,bit 6of the status register is updated with the result of the compare.AUTO PAGE REWRITE:This mode is needed only if multiple bytes within a page or multiple pages of data are modified in a random fashion.This mode is a combination of two operations:Main Memory Page to Buffer Transfer and Buffer to Main Memory Page Program with Built-in Erase.A page of data is first transferred from the main memory to buffer 1or buffer 2,and then the same data (from buffer 1or buffer 2)is programmed back into its original page of main memory.To start the rewrite operation,an 8-bit opcode (58H for buffer 1or 59H for buffer 2)must be followed by the five reserved bits,10address bits (PA9-PA0)that specify the page in main memory to be rewritten,and nine additional don ’t care bits.When a low-to-high transition occurs on the CS pin,the part will first transfer data from the page in main memory to a buffer and then program the data from the buffer back into same page of main memory.The operation is inter-nally self-timed and should take place in a maximum time of t EP .During this time,the status register will indicate that the part is busy.8AT45DB021B1937F –DFLSH –10/02If a sector is programmed or reprogrammed sequentially page-by-page,then the pro-gramming algorithm shown in Figure 1on page 26is recommended.Otherwise,if multiple bytes in a page or several pages are programmed randomly in a sector,then the programming algorithm shown in Figure 2on page 27is recommended.Each page within a sector must be updated/rewritten at least once within every 10,000cumulative page erase/program operations in that sector.Operation Mode SummaryThe modes described can be separated into two groups –modes which make use of the Flash memory array (Group A)and modes which do not make use of the Flash memory array (Group B).Group A modes consist of:1.Main Memory Page Read2.Main Memory Page to Buffer 1(or 2)Transfer3.Main Memory Page to Buffer 1(or 2)Compare4.Buffer 1(or 2)to Main Memory Page Program with Built-in Erase5.Buffer 1(or 2)to Main Memory Page Program without Built-in Erase6.Page Erase7.Block Erase8.Main Memory Page Program through Buffer 9.Auto Page Rewrite Group B modes consist of:1.Buffer 1(or 2)Read 2.Buffer 1(or 2)Write 3.Status Register ReadIf a Group A mode is in progress (not fully completed),then another mode in Group A should not be started.However,during this time in which a Group A mode is in progress,modes in Group B can be started.This gives the Serial DataFlash the ability to virtually accommodate a continuous data stream.While data is being programmed into main memory from buffer 1,data can be loaded into buffer 2(or vice versa).See application note AN-4(“Using Atmel ’s Serial DataFlash ”)for more details.Pin DescriptionsSERIAL INPUT (SI):The SI pin is an input-only pin and is used to shift data into the device.The SI pin is used for all data input,including opcodes and address sequences.SERIAL OUTPUT (SO):The SO pin is an output-only pin and is used to shift data out from the device.SERIAL CLOCK (SCK):The SCK pin is an input-only pin and is used to control the flow of data to and from the DataFlash.Data is always clocked into the device on the rising edge of SCK and clocked out of the device on the falling edge of SCK.CHIP SELECT (CS):The DataFlash is selected when the CS pin is low.When the device is not selected,data will not be accepted on the SI pin,and the SO pin will remain in a high-impedance state.A high-to-low transition on the CS pin is required to start an operation,and a low-to-high transition on the CS pin is required to end an operation.9AT45DB021B1937F –DFLSH –10/02WRITE PROTECT:If the WP pin is held low,the first 256pages of the main memory cannot be reprogrammed.The only way to reprogram the first 256pages is to first drive the protect pin high and then use the program commands previously mentioned.The WP pin is internally pulled high;therefore,connection of the WP pin is not necessary if this pin and feature will not be utilized.However,it is recommended that the WP pin be driven high externally whenever possible.RESET:A low state on the reset pin (RESET)will terminate the operation in progress and reset the internal state machine to an idle state.The device will remain in the reset condition as long as a low level is present on the RESET pin.Normal operation can resume once the RESET pin is brought back to a high level.The device incorporates an internal power-on reset circuit,so there are no restrictions on the RESET pin during power-on sequences.The RESET pin is also internally pulled high;therefore,connection of the RESET pin is not necessary if this pin and feature will not be utilized.However,it is recommended that the RESET pin be driven high exter-nally whenever possible.READY/BUSY:This open-drain output pin will be driven low when the device is busy in an internally self-timed operation.This pin,which is normally in a high state (through a 1k Ωexternal pull-up resistor),will be pulled low during programming operations,com-pare operations,and during page-to-buffer transfers.The busy status indicates that the Flash memory array and one of the buffers cannot be accessed;read and write operations to the other buffer can still be performed.Power-on/Reset StateWhen power is first applied to the device,or when recovering from a reset condition,the device will default to SPI Mode 3.In addition,the SO pin will be in a high-impedance state,and a high-to-low transition on the pin will be required to start a valid instruc-tion.The SPI mode will be automatically selected on every falling edge of by sampling the inactive clock state.10AT45DB021B1937F –DFLSH –10/02Note:In T ables 2and 3,an SCK mode designation of “Any ”denotes any one of the four modes of operation (Inactive Clock Polarity Low,Inactive Clock Polarity High,SPI Mode 0,or SPI Mode 3).Table 3.Additional Commands11AT45DB021B1937F –DFLSH –10/02P =Page Address BitB =Byte/Buffer Address Bit x =Don ’t Care12AT45DB021B1937F –DFLSH –10/02Note:1.After power is applied and V CC is at the minimum specified datasheet value,the system should wait 20ms before anoperational mode is started.Note:1.I cc1during a buffer read is 20mA maximum.Absolute Maximum Ratings*T emperature under Bias ................................-55°C to +125°C *NOTICE:Stresses beyond those listed under “Absolute Maximum Ratings ”may cause permanent dam-age to the device.This is a stress rating only and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of this specification is not implied.Exposure to absolute maximum rating conditions for extended periods may affect device reliability.Storage T emperature.....................................-65°C to +150°C All Input Voltages (including NC Pins)with Respect to Ground...................................-0.6V to +6.25V All Output Voltageswith Respect to Ground.............................-0.6V to V CC +0.6VDC and AC Operating RangeDC Characteristics13AT45DB021B1937F –DFLSH –10/02AC Characteristics14AT45DB021B1937F –DFLSH –10/02Input Test Waveforms and Measurement Levelst R ,t F <3ns (10%toOutput Test LoadACWaveformsTwo different timing diagrams are shown below.Waveform 1shows the SCK signal being low when CS makes a high-to-low transition,and Waveform 2shows the SCK sig-nal being high when CS makes a high-to-low transition.Both waveforms show valid timing diagrams.The setup and hold times for the SI signal are referenced to the low-to-high transition on the SCK signal.Waveform 1shows timing that is also compatible with SPI Mode 0,and Waveform 2shows timing that is compatible with SPI Mode 3.Waveform 1–Inactive ClockPolarity Low and SPI Mode 0Waveform 2–Inactive Clock Polarity High and SPI Mode 315AT45DB021B1937F –DFLSH –10/02Reset Timing (Inactive Clock Polarity Low Shown)Note:The signal should be in the high state before the signal is deasserted.Command Sequence for Read/Write Operations (except Status Register Read)Notes:1.“r ”designates bits reserved for larger densities.2.It is recommended that “r ”be a logical “0”for densities of 2M bits or smaller.3.For densities larger than 2M bits,the “r ”bits become the most significant Page Address bit for the appropriate density.16AT45DB021B1937F –DFLSH –10/02Write OperationsThe following block diagram and waveforms illustrate the various write sequences available.Main Memory Page Program through BuffersBuffer WriteBuffer to Main Memory Page Program (Data from Buffer Programmed into Flash Page)。

,是official cover的缩写，和diplomatic cover（外交掩护）实际上是一个意思。

有了外交掩护，情报人员便处于外交特权与豁免的庇护之下，等于有了一个金制的护身符。

，即Non Offical Cover，无外交掩护。

电影《碟中谍》第一部是围绕着一张磁盘中的NOC list展开的，这里的NOC就是Non-official Cover的缩写，指的是没有外交身份掩护的情报人员，也就是间谍术语中常说的illegal。

由于没有外交身份的掩护，此类情报人员一旦被敌国反间谍机关抓获，很可能被送进监狱，甚至处死。

当然，还有别的可能性，比如由本国政府用落网的外国间谍进行交换（swap），或者通过外交协商，由本国在其它方面作出让步，或给对方以实惠，以换回被捕的间谍，但这些就属于外交工作的范畴了。

驻外记者、贸易代表和留学生等都是情报人员们常用的非官方掩护身份。

immunity，即外交特权与豁免，一般简称为外交豁免权，是情报人员的护身符，因为有了外交豁免权便不受驻在国反间谍机关和警察的逮捕。

就算被对方抓住了真凭实据，也顶多被对方宣布为不受欢迎的人而被召回国内。

non grata，即不受欢迎的人，来自拉丁语，一旦被宣布为不受欢迎的人，情报人员便会被驱逐。

当然，被宣布为不受欢迎的人的也不仅限于从事间谍活动的情报人员，也包含涉及刑事犯罪的外交人员等。

，即情报站，前苏联克格勃则习惯称之为Residentura。

一般设在本国驻某国使馆内，因为情报站长（Station Chief）的地位相当重要，不能冒险让他当NOC,否则一旦被捕后果不堪设想。

因此，情报站长绝大多数都是以外交身份为掩护。

但是，以外交官的身份为掩护固然安全，但也有弊端，那就是被监控的程度要大得多了，因此与情报员的接头会变得异常困难。

这样一来，设在使馆里的情报站里的特工主要是管理情报网，具体的情报工作在很大程度上要依赖使馆外面的NOC们。

一般来讲，设在使馆里的情报站的站长应该是一位外交职衔较高的官员，这样便于其接触驻在国高层人士并从中发展情报员。

特工装备：美国中情局历史上的著名的间谍套件特工装备:美国中情局历史上的著名的间谍套件不论詹姆斯邦德什么时候需要一个用来暗中抓拍盯梢对象照片或者从Auric Goldfinger镀金的紧握魔掌中逃脱的精巧设备时，他可以依托特勤处的Q部门那些天才般的头脑给出一个解决方案。

在现实世界里的那些服务于美国中央情报局和它的前身战略情报处的邦德们，可以在研究发展处得到类似的碟报工具。

从蚊子大小的无人飞机到时装相机，中情局满足其特工各种装备需求。

这其中的一些设备在中情局位于佛吉尼亚兰利的总部博物馆里展出。

尽管这个博物馆不对公众开放，最近中情局通过flicker发布了一系列已经解密了的历史上著名的间谍工具。

这里是其中最好的几个，即使我们自己想象中的装备室（Danger Room）在中情局的选择面前感到挫败。

上面的是；Belly Buster型手动监听钻在五十年代末和六十年代初为了在植入窃听设备，中情局用Belly Buster型钻在砖石墙上钻孔。

组装好以后，用腹部紧贴着钻机的底座，同时用手摇动钻机的手柄。

这套工具附带着几个其他型号钻头和配件。

信件提取器这个特殊的装置在第二次世界大战中用来从信封里取出信件却不破坏上面的封印。

像钳子一样的装置用来伸进没有封闭好的信封顶部缝隙里，然后将信件卷起来从信封里抽出来。

信件提取器这张图片展示为了将信件从信封里取出而将信件卷在设备的钳子上。

立体镜和皮套在第二次世界大战中，立体镜被用来帮助同盟国的分析者检查那些安装在飞机上的摄像机拍摄的敌国领土影像。

这个装置会让分析者看到三维立体的电影图像。

..蜻蜓版昆虫直升机十九世纪七十年代由美国中情局所属的研究发展处开发，这个微型无人飞行装置(无人机)是第一个尝试通过微型装置来收集情报而开发的昆虫般大的无人飞行装置。

中情局的水陆两栖潜水艇在十九世纪的五十年代中情局设计了这艘可供两人使用的水陆两栖潜水艇。

它不携带武器，内部空间狭小，并且需要“母船”的运输和保障供给，但是它能够行驶到普通船只到达不了的地方。

解密身体密码——FBI读心术一、宏观概述1. 1952年,一个名为保罗·麦克林的科学先驱提出，人类大脑是由爬虫类脑（脑干）、哺乳动物类脑(边缘系统）、人类大脑（新皮质)组成的三位一体。

其中,边缘系统在非语言行为表达中扮演了非常重要的角色。

2。

边缘系统:最诚实的大脑。

它对周围世界的反映是条件式的,是不加考虑的，所以也是最真实的。

边缘系统是唯一一个负责我们生存的大脑部位,它从不休息，一直处于运行状态.同时，边缘系统还是我们的情感中心。

各种信号从这里出发，前往大脑的其他部位，而这些部位各自管理着我们的行为，有的与感情有关，有的则与我们的生死有关。

当这些行为通过我们的手脚、躯干、四肢和面部表情表达出来时，我们就可以对其进行观察和解密了。

3。

我们在电视上看到的间谍人员一般是眼戴墨镜、一身黑衣、高大威猛、英俊帅气,然而这往往是最不真实的，现实中的间谍最重要的技能是隐藏，茫茫人海中不显露的存在，这样才能最大程度上不暴露身份,获取情报。

4。

边缘的生存反映不仅可以追溯至我们的幼年时代，同样可以追溯至人类的远祖时代.它们是我们神经系统的硬件，很难伪装或剔除。

边缘行为是人类的思想、感觉和意图的真实反映。

5. 相对来说,我们大脑的第三部分加入颅顶的时间较晚，因此被称作新皮质,即新大脑。

这部分主要负责高级认知和记忆,因此也被思考大脑。

正是这部分大脑让我们与哺乳动物分开，不过它也是大脑中最不诚实的部分.它能帮助一个人做出非常令人信服的陈述，如“我和莱温斯基小姐绝对没有过性关系"，而事实可能并非如此。

6。

现实生活中，动物,包括人类，会依照下列顺序—-冻结、逃跑、战斗来应付各种苦恼和威胁。

7。

冻结反应：大约100万年前，原始人类跨越了非洲大草原。

那个时候我们面临着很多猎食者的威胁，这些动物跑的比他们快，力气比他们大.然而,他们最终生存了下来，就是因为大脑的边缘系统,他们为人类远祖找到了弥补力量不足的方法。

边缘系统使用的第一种防御战略就是冻结反应。

50 /MINIATURES鬼怪 II关于麦克唐纳·道格拉斯F-4“鬼怪”II，我们能说些什么呢？谁还不知道这架飞机？有哪个飞机模型玩家没做过至少一架“鬼怪”？反正我是做了一台又一台，根本停不下来！我想将这架F-4B做成VF-111落日中队的样式，这个著名的海军战斗中队涂装十分亮眼。

1971年11月至1972年2月在越南执行任务期间，该中队被分配给“珊瑚海”号航母（CVA-43）上的第15舰载机联队。

由于某些原因，我准备制作其中一架诨名为“老尼克204”的F-4B（“老尼克”是该中队内的无线电码）。

首先，这个中队最具代表性的飞机是属于中队长的“老尼克200”和米格杀手“老尼克201”，两者我都不想做，因为太常见；其次，我手头正好有两张204号机的照片，一张黑白一张彩色，其中一张是正在向目标投弹的情景。

我必须指出，在模型中我并未将机组人员的名字写在座舱上，因为我根本不知道他们的名字。

这架编号为150466的飞机之前隶属于VMFA-115银鹰中队（VMFA意为陆战队战斗攻击机中队），很遗憾，1970年9月在该中队服役期间，它遭遇了一次地面事故并导致多名地勤人员丧生。

从落日中队退役后，该机被分配给美国海军陆战队的VMFA-112牛仔中队和VMFA-314黑骑士中队。

我不喜欢爱德美的MK-4座椅，所以我用长谷川（HASEGAWA）的剩余件来替换，非常合适。

我用AB补土来制作座椅的坐垫和靠背部分，并用同样的材料对降落伞做了些改动，同时，我还用塑料拉丝和一些Evergreen的圆棒制作了线管，用金属片及铜丝制作了安全带和扣具。

这是加细后的座椅，可以清楚地看出我使用的各种材料。

""Copyright©博看网 . All Rights Reserved.J u a n j o D o mín g u e zACADEMY1/48这套爱德美（ACADEMY）出品的套件质量不错，但离完美尚有差距。

美国预警机介绍：美国预警机全集(没E1)E-2“鹰眼”(Hawkeye)是格鲁门飞机公司为美国海军舰队设计的空中预警飞机，在海军航母编队中担任空中预警和指挥任务，保护航空母舰战斗群(CarrierBattleGroup)。

现格鲁门公司已与诺斯罗普公司合并为诺斯罗普·格鲁门公司，是仅次于波音和洛克西德公司的美国第三大军用飞机生产商，在发动机方面研究占有优势。

E-2前身是E-1“追踪者”(Tracer)预警机和F-14的E-1是由S-2“追踪者”(Tracker)反潜机发展来的，是世界上第一种专用预警机，E-2则是世界上第一种专门全新设计的预警机。

由于E-1的性能不尽如人意，美国海军推出了E-2，并很快投入越南战场。

E-2于一九六五年初开始服役，在越战中E-2A初次出现在航母“萨拉托加”号(Saratoga)上。

美国海军的现役航空母舰上均有一个包括五架E-2C的预警中队，全美海军总计有十八个E-2C中队(含后备役中队)，总共装备了一百三十九架E-2C。

E-2在气动结构上采用常规布局。

采用全金属悬臂式上单翼，中央翼段为三梁多肋机加蒙皮盒形结构。

外翼段用装在后梁上的斜轴接头铰接，翼内的双向作动筒可将机翼折叠到与机身侧面平行的位置。

机翼前缘有充气防冰套，内侧机翼前缘能打开，以便维护飞行操纵系统与发动机操纵系统。

机翼后缘外侧为襟副翼，在富勒式襟翼放下时它会自动下垂。

E-2C各操纵面均用不可逆助力器操纵，有人工感觉装置。

操纵系统可由自动飞行操纵系统控制，也可用人工操纵并辅之以自动增稳控制。

身为全金属半硬壳式，在机身上方机翼前有冷却系统散热器舱，机身中部支架上有圆盘式雷达天线罩。

采用悬臂式四垂尾尾翼，前缘有充气防冰套，垂尾后有三个双铰链式方向舵。

平尾上反角11°，尾翼有一部分用玻璃钢制造以减少雷达反射波。

机腹装有液压收放前三点式，有气压紧急放下装置，可转向的前起落架向后收，主起落架向前并旋转90°以后平放入短舱底部。

全球谍海4强全球谍海4强CIA意味着什么？是恐怖还是充满血腥的死亡？它的神秘之处何在，其内幕又是如何……美国情报机构·美国中央情报局（Central Intelligence Agency，简称中情局，英文简称CIA）是美国国家安全委员会的执行机关，也是美国各情报机关的协调中心。

CIA 成立于1947 年，总部设在华盛顿近郊弗吉尼亚州的兰雷，主要由局长办公室和通报、行动、科技、计划与协调、管理服务5个业务部门组成。

CIA的各个总部之间、分局和分局之间，都互不通气，更不得泄露自己的活动秘密。

譬如，通报部虽然可通过行动部得到秘密情报，但这情报是谁通过什么方式和途径得到的却完全属于秘密；管理服务部按照行动部的要求提供一切秘密行动的设备、物品，但不能过问其内容和目的。

·美国联邦调查局（FBI）于1908年成立，原名司法部调查局，1924年改为现名。

总部设在华盛顿，下设50余个分局。

胡佛是第一任局长。

罗伯特·米勒是现任局长。

目前，FBI已成为世界上规模最大的反情报和反间谍机关，拥有两万余名工作人员，其中反情报和反间谍的特工人员约8500人。

FBI总部设有世界上最先进的犯罪侦破技术实验室，如爆炸物化验室、鞋印和车辙研究室、指纹鉴定和档案室、特殊摄影研究室、密码研究室等等。

它的电子记忆系统储存着大约650万份资料，全国的警察机构均有电子终端同它联结，在几分钟之内就能得到这里提供的技术性资料。

它的指纹鉴定和档案室，约存有1.75亿份指纹档案，每天要受理2.5万余件指纹查询业务。

美国联邦调查局（ FBI）大楼前·美国国家安全局总部在马里兰州乔治·米德堡。

它的A字形办公大楼规模仅次于五角大楼和国务院大楼，比CIA大得多，有神秘的迷宫之称。

工作人员持不同颜色的身份证进入各自的工作地点，只有拥有全部通行证的人才能在这座迷宫里自由往来，而拥有全部通行证的只有局长和副局长几个人。

FBI【联邦调查局】之特工读心术FBI认为在与人交流时，语言沟通是最主要的方式，是人与人之间传递情感、态度、信念和想法的过程，但是，读懂他人心理，光靠语言是不够的，有时候，一种不经意的非语言信息，更能透露出他的内心想法。

美国著名心理学家艾伯特-赫拉伯恩曾提出过一个公式：信息交流的结果=7%的语言+38%的语调语速+55%的表情和动作。

由此可知，人们在人际交往中，多达93%的信息是通过非语言方式传递的，可见，读懂和使用非言语信息具有重要意义。

非语言信息是指人们在日常生活中，通过身体某些部位的表情、姿态、动作、生理反应以及衣饰等，透漏出他们的心理信息。

身体的不同部位会传达出不同的非语言信息。

比如说，人与人目光接触时，一个人可以从对方那里得到很多的信息，可以帮助交往的双方心理同步，也可以用来表达一个人的喜、怒、哀、乐；而从对方面部五官的表情，则可以看出对方的信任、怀疑、兴奋、犹豫等在言语中有意掩饰的涵义；而不安地来回走动则显示某人的某种焦虑不安的情绪…人类是符号化的动物。

人们不但可以将自己心里的感觉、念头、情绪以非言语信息的形式传递出来，而且也可以通过破译他人的非语言信息了解其所表欲传达的心理信息。

所以，非语言信息是一种双向的表达和沟通方式。

读心术具体特征：1、FBI特工认为，一个人上半身保持静止状态，却轻轻摆动自己的腿和脚，是他不适应或者不舒服的一种表现。

但是，有些时候，轻轻摆动腿和脚也可能是人对于某个好消息所做出的反应。

2、FBI特工认为，如果人的腿部和脚部动作由轻轻摆动变成了“蹬”或者“踢”的动作，通常是因为当事人对于周围发生事物的回应可能是消极的，心情是烦躁的，恨不得立即用脚将它踢开。

而脚踝部不断地扭动的动作，也传达了他的心理压力较大，即将失去耐心的信息。

3、FBI特工认为，当你和领导谈话的时候，观察对方的脚部动作，若他的脚尖转向远离你的位置时，暗示了他想要离开。

这有可能是因为领导对你和你们之间的谈话缺乏兴趣，或者是有其他的安排。

CIA中央情报局Central Intelligence Agenc (简称中情局，英文简称CIA）是美国最大的情报机构(美国政府的间谍和反间谍机构，是美国庞大情报系统的总协调机关)，主要任务是公开和秘密地收集和分析关于国外政府、公司和个人；政治、文化、科技等方面的情报，协调其他国内情报机构的活动，并把这些情报报告到美国政府各个部门的工作。

它也负责维持大量军事设备，这些设备在冷战期间用于推翻外国政府，例如前苏联，和对美国利益构成威胁的反对者，例如危地马拉的阿本斯和智利的阿连德。

总部设在维吉尼亚州的兰利。

有些人认为中央情报局经常进行一些暗杀活动，暗杀敌国领导人，例如古巴总统卡斯特罗，但是并没有足够的证据证明这一点。

中央情报局的地位和功能相当于英国的军情六局和以色列的摩萨德。

历史1947 年建立。

总部设在弗吉尼亚州的兰雷，是全球性情报网的中心。

它不仅有遍布全世界的监听站，还有自己的广播设施、航空线、宇宙卫星、印刷所以及训练特种部队的基地，拥有大批间谍、特务和情报技术人员。

2006年5月26日，美国国会参议院以78票对15票的表决结果，批准了美国总统布什对当时担任国家情报局副局长的空军上将迈克尔•海登出任中央情报局局长的提名。

中央情报局由国家安全委员会直接领导。

还担任总统和国会的高级情报顾问，现任局长为迈克尔•海登。

局长由总统任命，参议院批准，是美国各情报机构的协调人，负责改进美国情报委员会的工作，保证总统在作出决策时，能充分掌握第一手情况。

情报局的主要任务有：①以公开、秘密方式和技术手段，搜集外国的军事、政治、经济、文化与科技情报，协调国内各情报机构的工作。

②为总统分析和估价情报，对其他国家进行间谍特务活动。

情报技术人员多具有较高学历，或是某些领域的专家。

该机构的组织、人员、经费和活动严格保密，即使国会也不能过问。

FBI美国联邦调查局(Federal Bureau of Investigation，简称FBI)，是美国司法部的主要调查手段，根据美国法典第28条533款，授权司法部长”委任官员侦测反美国的罪行”，另外其它联邦的法令给予FBI权力和职责调查特定的罪行。

Extreme Networks EXOS Quick GuideJust enough to be dangerousContentsExtreme Networks (1)EXOS Cheat Sheet ................................................................................................................... 错误！未定义书签。

EXOS Switch Basics .. (1)Manuals (1)Connecting to the Switch (1)Basic CLI Navigation (1)Port numbering (1)System-level Components (3)Software (3)Load new software (3)Select the next image to be booted (4)Reboot (4)Hardware (4)Type of system (4)Power Supplies (4)Fans (4)Serial numbers (4)Total service time (4)License levels (4)Date & time information (4)File storage (4)Managing Configurations (5)Look at the current configuration (5)CLI Paging (5)Booting Configuration Files (5)Saving a configuration file (5)Backing up a config file to/from a TFTP server (6)Reset the switch to factory defaults (6)Using Ports (7)Configuring Port Speed and Duplex (7)Enabling and Disabling Ports (7)Examining Port Configurations (7)VLAN/Port Membership (7)Port Utilization (7)Monitor QoS behavior (7)Link Aggregation (8)LACP (8)Using VLAN's (9)Create a VLAN (9)Assign an IP address to a VLAN (9)Assign an 802.1Q tag value to the VLAN (9)Add and delete ports to/from a VLAN (9)Give a QoS profile to a VLAN (10)Examining VLANs (10)FDB Operations (11)IP Routing (12)Show the Route Table (12)Show the IP Interfaces on the switch (12)The ARP Cache (12)Enable Routing (12)Create Static / Default Route (13)OSPF (13)Set the OSPF routerid (13)Create an OSPF area (13)Set the OSPF router priority (13)Turn on OSPF for a VLAN (13)Turn off OSPF for a VLAN (13)See the status of OSPF (13)Look at the OSPF Neighbors (13)Look at the OSPF LSDB (14)VRRP (14)Configure VRRP (14)Examine VRRP (14)Turn on SNTP (14)Enable Web Access: (14)SNMP (14)SNMP System Name (14)Advanced Configuration Examples (15)EAPS (15)Turn on a DHCP server on a test VLAN (15)Bootprelay (15)Mirroring (Span Port) (16)EXOS Cheat SheetEXOS Switch BasicsManualsThis is just an unoffical cheat sheet. There’s lots more information in the official manuals.From the Extreme Web Site ()∙Hardware Installation Guideso How to install the hardware, of course, but also technical specs on the gear (electrical power requirements, heat generated, etc.∙Command Referenceo Documents the syntax of every command and every option∙Concepts Guideo Explains the technologies and concepts behind them. Probably the most useful manual.o Appendix A explains what software features are supported at each license levelFrom the software update site∙Release noteso Documents new features and hardwareo Explains how to upgrade softwareo Has the engineering limits for that release of code. For example, how many IPv6 routes can be learned by the switch running that version of code can be found in the release notes.o Bugs that have been fixed and bugs that Extreme knows abouto Probably the second most useful manual.Connecting to the SwitchUse a DB9 male null-modem (laplink) cableSet the PC serial port to 9600-n-8-1 with either XON/XOFF or no flow controlNote: Do not use hardware flow control. The Extreme switch does not use it and will never assert CTS.Basic CLI Navigation-Default login: 'admin' with no password.-Use up/down arrow keys to scroll through the command history-Use left/right arrow keys to edit a command-Use <?> to see what commands are available next-Use <tab> to complete a command or to see what commands are available next-Commands can be abbreviated so long as the abbreviation is unique-Commands always start from the root level. EXOS doesn’t change command levels.-# signs at the start of the line indicate a comment follows (usually only seen in configuration files)Port numberingIn standalone switches (not stacked, not in a chassis), ports are identified by their number 1, 2, 3, 4, etc.When switches are stacked or for ports in a chassis, ports are identified by <module>:<port>, e.g. 1:1, 2:24, etc.You can use lists of ports separated by commas: 1,17,23 or 1:1,2:27,3:23 You can use port ranges: 1-12 or 4:4-4:14. In the later case, 4:4-14 also works. You can also mix the lists and ranges: 1-4,23 or 4:4-14,5:7System-level ComponentsSoftwareEXOS switches store two versions of code in non-volatile RAM. The two versions are called Primary and Secondary, but that does not mean that Primary is tried first and if it fails to work then Secondary is tried. Primary and Secondary are just names. The “show switch” command will let you see what versions of software are loaded into the switch, version the switch is running on (“Image Booted”), and what version will be loaded the next time the switch boots (“Image Selected”).VDB.1 # show switchSysName: VDBSysLocation:SysContact: support@, +1 888 257 3000System MAC: 00:04:96:26:6D:76System Type: X450e-48pSysHealth check: Enabled (Normal)Recovery Mode: AllSystem Watchdog: EnabledCurrent Time: Tue Sep 20 22:13:16 2011Timezone: [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.Boot Time: Tue Sep 20 22:11:28 2011Boot Count: 283Next Reboot: None scheduledSystem UpTime: 1 minute 48 secondsCurrent State: OPERATIONALImage Selected: primaryImage Booted: secondaryPrimary ver: 12.5.2.6Secondary ver: 12.4.2.17Config Selected: primary.cfgConfig Booted: primary.cfgprimary.cfg Created by ExtremeXOS version 12.5.2.6278372 bytes saved on Tue Aug 30 14:27:29 2011Load new softwareEXOS won’t let you replace your booted version. So if you booted on the secondary image, you can only load new code into the primary image slot. EXOS now handles the slot selection for you automatically. Set up a tftp server with the new software and then load it onto the switch with the commanddownload image <tftp server IP address> <image name> vr vr-defaultUnless you are actually using the management port in the back, you have to include the “vr vr-default” business at the end of the command.He re’s an actual exampledownload image 192.168.1.27 summitX-12.6.1.3.xos vr vr-defaultOn very rare occasions, you might also need to load new boot code onto the switch before you run new software. The release notes will tell you if your current boot code is compatible. If you do need to download a new bootrom, then don’t do it just because you can. However, if you do ne ed a new bootrom, the command is almost identical: download bootrom 192.168.1.27 pmon_summitl-1.0.5.6.xtr vr vr-defaultSelect the next image to be booteduse image primaryuse image secondaryRebootRebootHardwareType of systemshow switchPower Suppliesshow powerFansshow fansSerial numbersshow versionSwitch : 800190-00-02 0634G-00406 Rev 2.0 BootROM: 1.0.5.5 IMG: 12.5.2.6XGM2-1 : N/A N/A Rev 0.0Image : ExtremeXOS version 12.5.2.6 v1252b6 by release-manageron Tue Mar 1 17:38:45 PST 2011BootROM : 1.0.5.5Total service timeshow odometersService First RecordedField Replaceable Units Days Start Date---------------------------------------------------------------Switch : X450e-48p 493 Sep-20-2006License levelsshow licenseDate & time informationshow switchtells the current date and time, the timezeone, and when the switch was booted.File storageBecause EXOS runs on a LINUX kernel, the file system commands are very LINUX-like.∙Directory listing –ls∙Copy a file – cp <filename1> <filename2>∙Rename a file –mv <filename1> <filename2>∙Delete a file –rm <filename>Managing ConfigurationsLook at the current configurationshow configshows the currently running configuration.Default configuration settings are suppressed. If you want to see them useshow config detailIf you want to see the configuration for a particular module (e.g. vlan, IP, eaps, OSPF, etc.) you can specify just that moduleshow config ospfCLI PagingBy default, the CLI shows you a “page” of 25 lines at a time and then waits for you to hit a key to continue. That can get annoying, particularly if you have set your terminal program to capture the output to a log file. You can turn off the page-by-page display with the commanddisable clipagingWhen you’re done scrolling out the config file, turn the paging feature back on with the commandenable clipagingBooting Configuration FilesEXOS allows you to store and use multiple configuration files.show switch - See which configuration file was booted (“Config booted”)and which file will be used at the next boot (“Config selected”).Saving a configuration filesave config - will write the current config to whichever file is specified in “Config selected”.save config <filename> - will write the current config to a new file name and then ask if you want to make the new file the “default database”; do you want to select thi s file for booting.Note: Even though config files always end in “.cfg” EXOS will complain if you add the extension. So just give it the name of the new config.Examplesave config testDo you want to save configuration to test.cfg? (y/N) YesSaving configuration on master ............. done!Configuration saved to test.cfg successfully.The current selected default configuration database to boot up the system(primary.cfg) is different than the one just saved (test.cfg).Do you want to make test.cfg the default database? (y/N) NoDefault configuration database selection cancelled.Backing up a config file to/from a TFTP servertftp put <tftp address> vr vr-default <config file> writes a file to a tftp servertftp get <tftp address> vr vr-default <config file> copies a file from a tftp serverExample:tftp put 192.168.1.1 vr vr-default test.cfgNote: You don’t specify the “.cfg” extension when saving files, but you do want to specify the “.cfg” when using tftp. Note: EXOS config files are stored as XML, which can be hard for us humans to read. EXOS and Ridgeline identify normal ASCII files with an extension of “xsf”. So t o upload the config in ASCII format, use the commandupload configuration <tftp address> <remote name> vr vr-defaultExample:upload configuration 192.168.1.1 newscript.xsf vr vr-defaultThere is no “download configuration” command so use tftp get to copy an xsf file back down to the switch.Reset the switch to factory defaultsunconfigure switch– Resets everything back to factory defaults except for the odometer, clock, and user accounts and passwords.unconfigure swith all– Also resets the user accounts and passwords.Note: Neither command will affect license levels or the stacking mode of a switch.Using PortsConfiguring Port Speed and Duplexconfig port 1 auto off speed 100 duplex halfconfig port 1:1-1:5 auto off speed 1000 duplex fullconfig port 22 auto onEnabling and Disabling Portsenable port 1disable port 1:1-1:5Examining Port Configurationsshow port configshow port 1:1-1:3 config no-refreshNote: The no-refresh shows you the screen once and exits. Otherwise, EXOS will continue to update the display. show port 3,4,9-12 config no-refreshPort ConfigurationPort Virtual Port Link Auto Speed Duplex Flow Load Mediarouter State State Neg Cfg Actual Cfg Actual Cntrl Master Pri Red================================================================================3 VR-Default E R ON AUTO AUTO UTP4 VR-Default E R ON AUTO AUTO UTP9 VR-Default E R ON AUTO AUTO UTP10 VR-Default E R ON AUTO AUTO UTP11 VR-Default E R ON AUTO AUTO UTP12 VR-Default E R ON AUTO AUTO UTP================================================================================> indicates Port Display Name truncated past 8 charactersLink State: A-Active R-Ready NP- Port not present L-LoopbackPort State: D-Disabled, E-EnabledMedia: !-Unsupported Optic ModuleMedia Red: * - use "show port info detail" for redundant media typeVLAN/Port Membershipshow port 1 info detailPort Utilizationshow port utilizationshow port 1-3 utilization bandwidthshow port 3:4,3:7 utilization packetsshow port 17 utilization bytesNote: the no-refresh option is not supported with this commandMonitor QoS behaviorshow port 1 qosmonitor no-refreshNote: You can only monitor one port from each SummitStack or BD8K module at a time.Link AggregationLink Aggregation is the standard industry term for what Cisco calls EtherChannel and Avaya calls MultiLinkTrunking.To create a LAG, the command isenable sharing <master port> grouping <port list>Examples:enable sharing 1 grouping 1-2enable sharing 5:3 grouping 5:3-5:4, 6:3-6:4To tear down the LAG, use the commanddisable sharing <master port>Some notes on using LAGs∙All of the ports must match in speed and duplex.∙After you create the group, all of the ports get grouped together under the master port.∙The master port needs to be included in the port list, so it will appear in the command twice∙The ports don’t have to be contiguous, but they should be in order from lowest to highest∙The ports on each switch should to be connected in corresponding order∙Try to spread the ports across different units in a stack or different modules in a chassis. That way, if one of the units goes down, the link will still stay up.∙When sharing is enabled, the master port will remain a member of its VLANs but the other member ports will be removed from their VLANs∙When sharing is disabled, the master port will remain a member of its VLANs but the other member ports will not belong to any VLANs.LACPTo use LACP with a LAG, simply add the LACP keyword at the end of the commandExamples:enable sharing 1 grouping 1-2 lacpenable sharing 5:3 grouping 5:3-5:4, 6:3-6:4 lacpThe Link Aggregation Control Protocol brings several advantages to Link Aggregation, some of which include ∙LACP gives much better visibility into the LAG partner switch∙Allows you to add and delete ports without tearing down the whole LAG∙LAG recovers from port failures faster with LACP∙LACP can only be added to a LAG when the LAG is built. If you create a LAG without LACP and later decide you want to add it, you have to tear down the LAG and then rebuild it using LACPNOTE:, LACP must be enabled on both ends before the LAG will come up. If LACP is enabled on one end and not the other, the ports on the LACP will never be operational. So it’s either all or nothing.Using VLAN'sEXOS is very VLAN-centric. Unlike port-based operating systems, most of the configuration in EXOS takes place at the VLAN level. VLANs are created, then given IP addresses, ports, 802.1Q tag values and QoS settings In short, the VLAN must be created first and then configured.Once the VLAN is created, you refer to it directly by name when you give it an IP address, add ports to it, etc. In fact, the VLAN name is mandatory and (in most cases) the keyword “vlan” i s optional. Also, in EXOS, VLANs are usually given descriptive names like “data” or “voice” or “wireless” instead of “vlan2100”.Note: When configuring VLANs, the “vlan” keyword is optionalCreate a VLANcreate vlan Datacreate vlan VoiceAssign an IP address to a VLANYou can use dotted decimal subnets or CIDR notation when specifying subnets. If no subnet mask is specified, the “natural mask” is assumed.# dotted decimal subnet notationconfig vlan Data ipaddress 10.1.10.1 255.255.255.0# CIDR subnet syntax and abbreviationsconf Voice ipa 10.1.20.1/24Assign an 802.1Q tag value to the VLANconfig Data tag 10Add and delete ports to/from a VLANIn EXOS, there are tagged ports and untagged ports. A tagged port will send and receive 802.1Q tagged packets to/from a specific VLAN. An untagged port will send untagged traffic to/from a specific VLAN.Untagged Ports: Because there’s no way to distinguish between VLANs when using untagged traffic, a port can be assigned as an untagged port to only one VLAN at a time. If you want untagged traffic to go to a different VLAN, you have to delete the port from the old VLAN before you can add it to the new one as an untagged port.If you don’t specify whether the port should be added as tag ged or untagged, untagged is assumed.Tagged Ports: Because traffic can be distinguished based on the 802.1Q tag value, a port can be assigned as tagged to multiple VLANs at a time. Which tag value is used is determined by the 802.Q tag value assigned to the VLAN.Mixing Tagged and Untagged Traffic: EXOS fully supports this. That is, a port can be an untagged member of one VLAN and a tagged member of several other VLANs simultaneously.#add untagged ports to a VLANconfig Data add port 1-12#add tagged ports on module 1 to a stacked switch or chassisconfig Data add port 2:45-48 tagGive a QoS profile to a VLANThere’s too much to explain about QoS on EXOS switches for this document. However, one thing to note is that w hen SummitStack switches are actually stacked together, QP7 (802.1p bit value of 6) is reserved by the stack for stacking control traffic. You won’t be able to use QP7 in your stacks.QoS Profiles QP1 and QP8 are always available. QP2 – QP7 have to be created before they can be used.create qos QP6config Voice qosprofile QP6Examining VLANsThe show vlan command will show you most of what you need to know regarding all of your VLANs, including IP addresses, the VLAN ID (802.1Q tag), how many ports are in the VLAN and a wealth of other information shown with a series of flags. In the example below, the “voice” vlan is configured to route (IP Forwarding Enabled), has OSPF enabled, and is protected by an EAPS ring.show vlan---------------------------------------------------------------------------------------Name VID Protocol Addr Flags Proto Ports VirtualActive router/Total---------------------------------------------------------------------------------------data 11 192.168.11.100 /24 -f-------o--------P------ ANY 0 /18 VR-DefaultDefault 1 --------------------------------------------- ANY 0 /0 VR-Defaultecv 3999 --------------------------------------C------ ANY 0 /2 VR-DefaultMgmt 4095 --------------------------------------------- ANY 0 /1 VR-Mgmtridge 31 192.168.31.100 /24 -f-------o--------P------ ANY 0 /2 VR-Defaultvoice 21 192.168.21.100 /24 -f-------o--------P------ ANY 0 /2 VR-Defaultwireless 41 --------------------------------------P------ ANY 0 /8 VR-Default---------------------------------------------------------------------------------------Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,(d) NetLogin Dynamically created VLAN, (D) VLAN Admin Disabled,(E) ESRP Enabled, (f) IP Forwarding Enabled,(F) Learning Disabled, (i) ISIS Enabled, (I) Inter-Switch Connection VLAN for MLAG,(L) Loopback Enabled, (l) MPLS Enabled, (m) IPmc Forwarding Enabled,(M) Translation Member VLAN or Subscriber VLAN,(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,(O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,(r) RIP Enabled, (R) Sub-VLAN IP Range Configured,(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled, (W) VPWS EnabledTotal number of VLAN(s) : 7More detailed information on a particular VLAN is found with the commandshow vlan <vlan name>Or, becaus e the “vlan” keyword is usually optional, justshow <vlan name>Exampleshow dataVLAN Interface with name data created by userAdmin State: Enabled Tagging: 802.1Q Tag 11Virtual router: VR-DefaultIPv4 Forwarding: EnabledPrimary IP : 192.168.11.100/24IPv6 Forwarding: DisabledIPv6: NoneSTPD: NoneProtocol: Match all unfiltered protocolsLoopback: DisabledNetLogin: DisabledQosProfile: QP1Egress Rate Limit Designated Port: None configuredFlood Rate Limit QosProfile: None configuredPorts: 18. (Number of active ports=0)Untag: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40Tag: 47, 48bFlags: (*) Active, (!) Disabled, (g) Load Sharing port(b) Port blocked on the vlan, (m) Mac-Based port(a) Egress traffic allowed for NetLogin(u) Egress traffic unallowed for NetLoginFDB Operationsshow fdb to see the entire L2 forwarding data baseshow fdb [vlan] <vlan name> to see the FDB for one VLANshow fdb ports <port list> to see the FDB for a set of portsshow fdb <mac_address> to see information on a particular MACTo clear the forwarding database the command isclear fdbYou can specify ports and vlans and particular mac addresses when clearing.IP RoutingShow the Route Tableshow iprouteNote:iproute is all one word in EXOSShow the IP Interfaces on the switchshow ipconfigNote:ipconfig is all one word in EXOSThe ARP Cacheshow iparpshow iparp <vlan name>show iparp <ipaddress>show iparp <macaddress>clear iparpclear iparp <vlan name>show iparp <ipaddress>Note:iparp is all one word in EXOSEnable RoutingIn EXOS, you have to do two things before you route to/from a VLANs:1.Give the VLAN an IP address2.Enable IP forwardingIf you just give the VLAN an IP address, you can ping the interface, telnet to it, point your web browser at it, but you the switch won’t route on that VLAN. To turn on routing on a VLANenable ipforwarding [vlan] <vlan name>To turn on ipforwarding on all of the VLANs at onceenable ipforwardingNote: enable ipforwarding only enables routing on the VLANs1.then in existence2.and also have IP addressesIf you enable ipforwarding and then later add a VLAN, IP forwarding will not be enabled on the new VLAN. You’ll have to add an IP address and then turn on IP forwarding for the VLAN.Note: just because you can ping a VLAN does not mean that VLAN has IP forwarding enabled. An EXOS switch will respond to a ping to any of its IP addresses regardless of the state of IP forwarding.Create Static / Default Routeconfig iproute add default <next hop gateway>config iproute add default 10.1.1.1config iproute add <subnet>/<mask> <next hop gateway>config iproute add 10.1.8.x/24 10.1.10.1OSPFSet the OSPF routeridconfig ospf routerid <router id>config ospf routerid 1.1.1.1enable ospfNote: OSPF must be disabled firstCreate an OSPF areacreate ospf area <area id>Set the OSPF router priorityconfig ospf [vlan] <vlan name> priority <0-255>config ospf data priority 200The range is 0 through 255, higher numbers win. The default setting is 1. Setting the value to 0 ensures that the router is never selected as the designated router (DR) or backup designated router (BDR).Note: you need a full core license to change the OSPF priority. An edge license doesn’t support OSPF and an advanced-edge license is only priority 0.Turn on OSPF for a VLANconfig ospf add Data area 0.0.0.0enable ospfTurn off OSPF for a VLANconfig ospf delete DataSee the status of OSPFshow ospfLook at the OSPF Neighborsshow ospf neighborLook at the OSPF LSDBshow ospf lsdbVRRPConfigure VRRPcreate vrrp Data vrid 1config vrrp Data vrid 1 add 10.1.10.1create vrrp vlan Voice vrid 2config vrrp Voice vrid 2 add 2 10.1.20.1enable vrrpNote: If the virtual IP address is the same as a VLAN IP address, the switch will preempt and become the VRRP master for that VRID, regardless of the priority settings.Examine VRRPshow config vrrp to see how it’s configuredshow vrrp to see what’s actually happeningTurn on SNTP# configure timezone name EST -300 autodst name EDTconfigure timezone name CST -360 autodst name CDT# configure timzone name MST -420 autodst name MDT# configure timzone name PST -480 autodst name PDTconfig sntp primary x.x.x.x vr vr-defconfig sntp secondary x.x.x.x vr vr-defenable sntp-clientEnable Web Access:enable web httpSNMPconfigure snmp add community readonly new_roconfigure snmp add community readwrite new_rwSNMP System Nameconfig snmp sysname “new name”Note: this will change the CLI prompt to match.Advanced Configuration ExamplesEAPS# assume that the Data and Voice vlans already existconfig Data add ports 49,50 taggedconfig Voice add ports 49,50 taggedcreate vlan EAPS-Controlconfig EAPS-Control tag 1000config EAPS-Control qosprofile qp8config EAPS-Control add port 49-50 tag# the VLAN that controls EAPS never ever gets an IP address. Ever.# the VLAN that controls EAPS never ever has user ports added to it. Ever.create eaps EAPS-Ringconfig EAPS-Ring mode master# config EAPS-Ring mode transit* Only one node on the ring is setup as Master, all others are Transit.config EAPS-Ring primary port 49config EAPS-Ring secondary port 50config EAPS-Ring add control EAPS-Controlconfig EAPS-Ring add protect Dataconfig EAPS-Ring add protect Voiceenable eapsenable eaps EAPS-RingTurn on a DHCP server on a test VLANconfigure vlan test ipaddress 10.1.10.1/24configure vlan test dhcp-address-range 10.1.10.100 – 10.1.10.150configure vlan test dhcp-options default-gateway 10.1.10.1enable dhcp port 1:1-1:12 vlan testNote: The DHCP server is not intended for production use. It ony supports a couple of options and it will not handle a heavy load.Bootprelay# enable bootprelay for every VLANenable bootprelay#or just for the upstream and downstream VLANsenable bootprelay vlan dataenable bootprelay vlan backbone#either way, add the IP address of the DHCP serverconfig bootprelay add 10.1.30.254To disable BOOTP relay on one or more VLANs, use the following command:disable bootprelay vlan dataTo see the bootprelay configuration and statisticsshow bootprelayMirroring (Span Port)Mirror all traffic received at 6:5 to the monitor port 3:4enable mirroring to port 3:4configure mirroring add port 6:5 ingressMirror all traffic received at port 5 to the monitor port 22enable mirroring to port 22configure mirroring add port 5 egressMirror all traffic received on VLAN red to the monitor port 4enable mirroring to port 4configure mirroring add vlan redMirror all traffic received on VLAN red, port 5 to the monitor port 4enable mirroring to port 4configure mirroring add vlan red port 5Mirror all traffic received at port 6:5 to the monitor ports 2:5-2:7. Port 3:1 is the loopback port (otherwise unused) enable mirroring to port-list 2:5-2:7 loopback-port 3:1configure mirroring add port 6:5 ingressNote: A loopback port is required when doing 1:many mirroring.To turn off mirroring, the command isdisable mirroringNote: Up to 128 mirroring filters can be configured with the restriction that a maximum of 16 of these can be configured as VLAN and/or virtual port (port + VLAN) filters.Note: One monitor port or 1 monitor port list can be configured. A monitor port list may contain up to 16 ports.。