Netsh RAS AAAA Context Commands

Applies To: Windows Server 2008, Windows Server 2008 R2

The following commands are specific to the ras AAAA context within the Netsh environment.

To view the command syntax, click a command:

  • dump

Add commands

  • add acctserver

  • add authserver

Delete commands

  • delete acctserver

  • delete authserver

Set commands

  • set accounting

  • set acctserver

  • set authentication

  • set authserver

  • set ipsecpolicy

Show commands

  • show accounting

  • show acctserver

  • show authentication

  • show authserver

  • show ipsecpolicy

Netsh commands for ras AAAA

The following entries provide details for each command.

dump

Displays the AAAA configuration of a remote access server in script form.

Syntax

dump

Remarks

  • You can dump the contents of the current configuration to a file that can be used to restore altered configuration settings.

Example

The following commands save the current configuration as a script in the c:\test\rasAAAAcfg.dmp file.

  • From the command prompt:

    netsh ras aaaa dump > c:\test\rasAAAAcfg.dmp

  • From the netsh ras aaaa context prompt:

    set file open c:\test\rasAAAAcfg.dmp

    dump

    set file close

You can use the netsh exec command to run the script created by the netsh dump command.

add acctserver

Specifies a RADIUS server to use for accounting.

Syntax

add acctserver

[ name = ] ServerID

[ [ secret = ] SharedSecret ]

[ [ init-score = ] ServerPriority ]

[ [ port = ] Port ]

[ [ timeout = ] Seconds ]

[ [ messages = ] { enabled | disabled } ]

Parameters

  • [ **name = ] ServerID**
    Required. Specifies the RADIUS server by IP address or DNS name.
  • [ **secret = ] SharedSecret**
    Specifies the preshared key.
  • [ **init-score = ] ServerPriority**
    Specifies the initial server priority score.
  • [ **port = ] Port**
    Specifies the TCP port number to which accounting requests should be sent.
  • [ **timeout = ] Seconds**
    Specifies the timeout period, in seconds, during which the RADIUS server can be idle before it should be marked unavailable.
  • [ **messages = ] { enabled | disabled }**
    Specifies whether to send accounting on/off messages. The enabled parameter specifies that messages should be sent. The disabled parameter specifies that messages should not be sent.

delete acctserver

Deletes a RADIUS accounting server.

Syntax

delete acctserver

[ name = ] ServerID

Parameters

  • [ **name = ] ServerID**
    Required. Specifies which server to delete, by DNS name or IP address.

set acctserver

Provides the IP address or the DNS name of a RADIUS server to use for accounting. This command performs the same task, and uses the same parameters as the add acctserver command.

Syntax

set acctserver

[ name = ] ServerID

[ [ secret = ] SharedSecret ]

[ [ init-score = ] ServerPriority ]

[ [ port = ] Port ]

[ [ timeout = ] Seconds ]

[ [ messages = ] { enabled | disabled } ]

Parameters

  • [ **name = ] ServerID**
    Required. Specifies the RADIUS server by IP address or DNS name.
  • [ **secret = ] SharedSecret**
    Specifies the preshared key.
  • [ **init-score = ] ServerPriority**
    Specifies the initial server priority score.
  • [ **port = ] Port**
    Specifies the TCP port number to which accounting requests should be sent.
  • [ **timeout = ] Seconds**
    Specifies the timeout period, in seconds, during which the RADIUS server can be idle before it should be marked unavailable.
  • [ **messages = ] { enabled | disabled }**
    Specifies whether to send accounting on/off messages. The enabled parameter specifies that messages should be sent. The disabled parameter specifies that messages should not be sent.

show acctserver

Displays detailed information about an accounting server. Used without parameters, show acctserver displays information about all configured accounting servers.

Syntax

show acctserver

[ [ name = ] ServerID ]

Parameters

  • [ **name = ] ServerID**
    Specifies the RADIUS server about which to display information, by DNS name or IP address.

add authserver

Provides the IP address or the DNS name of a RADIUS server to which authentication requests should be passed.

Syntax

add authserver

[ name = ] ServerID

[ [ secret = ] SharedSecret ]

[ [ init-score = ] ServerPriority ]

[ [ port = ] Port ]

[ [ timeout = ] Seconds ]

[ [ signature = ] { enabled | disabled } ]

Parameters

  • [ **name = ] ServerID**
    Required. Specifies the RADIUS server by IP address or DNS name.
  • [ **secret = ] SharedSecret**
    Specifies the preshared key.
  • [ **init-score = ] ServerPriority**
    Specifies the initial server priority score.
  • [ **port = ] Port**
    Specifies the TCP port number to which authentication requests should be sent.
  • [ **timeout = ] Seconds**
    Specifies the timeout period, in seconds, during which the RADIUS server can be idle before it should be marked unavailable.
  • [ **signatures = ] { enabled | disabled }**
    Specifies whether to use digital signatures. The enabled parameter specifies that digital signatures should be used. The disabled parameter specifies that digital signatures should not be used.

delete authserver

Deletes a RADIUS authentication server.

Syntax

delete authserver

[ name = ] ServerID

Parameters

  • [ **name = ] ServerID**
    Required. Specifies which server to delete, by DNS name or IP address.

set authserver

Provides the IP address or the DNS name of a RADIUS server to which authentication requests should be passed. This command performs the same task, and uses the same parameters as the add authserver command.

Syntax

set authserver

[ name = ] ServerID

[ [ secret = ] SharedSecret ]

[ [ init-score = ] ServerPriority ]

[ [ port = ] Port ]

[ [ timeout = ] Seconds ]

[ [ signature = ] { enabled | disabled } ]

Parameters

  • [ **name = ] ServerID**
    Required. Specifies the RADIUS server by IP address or DNS name.
  • [ **secret = ] SharedSecret**
    Specifies the preshared key.
  • [ **init-score = ] ServerPriority**
    Specifies the initial server priority score.
  • [ **port = ] Port**
    Specifies the TCP port number to which authentication requests should be sent.
  • [ **timeout = ] Seconds**
    Specifies the timeout period, in seconds, during which the RADIUS server can be idle before it should be marked unavailable.
  • [ **signatures = ] { enabled | disabled }**
    Specifies whether to use digital signatures. The enabled parameter specifies that digital signatures should be used. The disabled parameter specifies that digital signatures should not be used.

show authserver

Displays detailed information about an authentication server. Used without parameters, show authserver displays information about all configured authentication servers.

Syntax

show authserver

[ [ name = ] ServerID ]

Parameters

  • [ [ **name = ] ServerID ]**
    Specifies the RADIUS server about which to display information, by DNS name or IP address.

set accounting

Specifies the accounting provider.

Syntax

set accounting { windows | radius | none }

Parameters

  • { **windows | radius | none }**
    Required. Specifies whether accounting should be performed and by which server. The windows parameter specifies that Windows security on the local RRAS server should perform accounting. The radius parameter specifies that a RADIUS server should perform accounting. The none parameter specifies that no accounting should be performed.

show accounting

Displays the currently configured accounting provider.

Syntax

show accounting

set authentication

Specifies the authentication provider.

Syntax

set authentication { windows | radius }

Parameters

  • { **windows | radius }**
    Required. Specifies which technology should perform authentication. The windows parameter specifies that Windows security on the local RRAS server should perform authentication. The radius parameter specifies that a RADIUS server should perform authentication.

show authentication

Displays the currently configured authentication provider.

Syntax

show authentication

set ipsecpolicy

Sets the IPsec policy for the L2TP connection.

Syntax

set ipsecpolicy

[ psk = ] { enabled | disabled }

[ secret = ] SharedSecret

Parameters

  • [ **psk = ] { enabled | disabled }**
    Required. Specifies whether an L2TP connection uses an IPsec policy configured to use either a preshared key or certificates. The enabled parameter specifies that the IPsec policy uses an IPsec policy configured with a preshared key. The disabled parameter specifies that the IPsec policy is set to use certificates.
  • [ **secret = ] SharedSecret**
    Required when psk authentication is enabled. Specifies the preshared key to be used with the custom IPsec policy.

Example

The following sets the IPsec policy for the L2TP connection.

set ipsecpolicy psk=enabled secret="P@ssword"

show ipsecpolicy

Shows whether the IPsec policy for the L2TP connection is configured to use a preshared key or certificates.

Syntax

show ipsecpolicy