Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?





Hierarchy Level

Release Information

Statement introduced in Junos OS Release 15.1R3 for EX Series switches.


Configure a URL that redirects unauthenticated hosts to a central Web authentication (CWA) server. The CWA server provides a web portal where the user can enter a username and password. If these credentials are validated by the CWA server, the user is authenticated and is allowed access to the network.

The redirect URL for central Web authentication can be configured centrally on the AAA server or locally on the switch. Use the redirect-url statement to configure the redirect URL locally on the interface connecting the host to the switch.

The redirect URL and a dynamic firewall filter must both be present for the central Web authentication process to be triggered. For more information about configuring the redirect URL and the dynamic firewall filter for central Web authentication, see Configuring Central Web Authentication.


Disabled. The redirect URL is not enabled for central Web authentication by default.


urlThe URL that redirects the host to the server that will handle central web authentication. The redirect URL must use the HTTP or HTTPS protocol and include an IP address or website name. The following are examples of valid redirect URL formats:









When the dynamic firewall filter is configured using the special Filter-ID attribute JNPR_RSVD_FILTER_CWA, the CWA redirect URL must include the IP address of the AAA server, for example,

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.