< Home

mirror-interface

Function

The mirror-interface command configures the mirrored interface for the SSL-encrypted traffic.

The undo mirror-interface command removes the mirrored interface for the SSL-encrypted traffic.

Format

mirror-interface { interface-name | interface-type interface-number }

undo mirror-interface

Parameters

Parameter Description Value
interface-name

Indicates the interface name of a mirrored interface.

 The value is not case-sensitive.
interface-type interface-number

Indicates the interface type and interface number of a mirrored interface.

 The value is not case-sensitive.

Views

SSL-encrypted traffic detection policy profile view

Default Level

2: Configuration level

Usage Guidelines

By default, no mirrored interface is available.

After the system decrypts SSL-encrypted traffic, the system diverts the decrypted traffic to a third-party professional device for traffic detection or audit. If a mirroring interface is selected, the decrypted traffic is sent to the third-party device over this interface.

Before mirror interface configuration, the type of the detection profile must be configured.

Only one mirrored interface can be configured. If you run the mirror-interface command to configure multiple mirrored interfaces, only the last one takes effect.

Example

# Configure mirrored interface GigabitEthernet 0/0/0 for SSL-encrypted traffic.

<sysname> system-view
[sysname] profile type decryption name profile1
[sysname-profile-decryption-profile1] detect type outbound
[sysname-profile-decryption-profile1] mirror-interface GigabitEthernet 0/0/0
Parent Topic: SSL-Encrypted Traffic Detection Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >