The following commands are specific to the ras context within the Netsh environment.

To view the command syntax, click a command:

Add commands

Delete commands

Set commands

Show commands

Netsh commands for RAS

The following entries provide details for each command.

show activeservers

Displays a list of remote access server (RAS) advertisements.

Syntax

show activeservers

show client

Lists remote access clients connected to this server.

Syntax

show client

[[name=] Name]

Parameters

[[name=] Name]


Shows the status of a given client connected to the server. If this parameter is "*", show client enumerates the status of all clients. If no name is specified, show client shows which, if any, remote access clients are connected to the server.

set client

Resets the user statistics and disconnects a remote access client.

Syntax

set client

[name=] Name

[state=] {disconnect | resetstats}

Parameters

[name=] Name


Required. Specifies the user name of the client to disconnect or reset statistics.
[state=] {disconnect | resetstats}


Required. Specifies the action to perform. The parameter disconnect disconnects the specified user. The parameter resetstats resets the statistics for the specified user.

dump

Displays the configuration of the remote access server in script form.

Syntax

dump

Remarks

  • You can dump the contents of the current configuration to a file that can be used to restore altered configuration settings.

Example

The following command saves the current configuration as a script in the rascfg.dmp file.

dump > rascfg.dmp

show tracing

Shows whether tracing is enabled for the specified component. To see a list of all installed components and whether tracing is enabled for each, use the show tracing command without parameters.

Syntax

show tracing [component]

Parameters

component


Specifies the component for which to display information. If no component is specified, show tracing shows the state of all installed components.

set tracing

Enables or disables tracing for the specified component.

Syntax

set tracing component {enabled | disabled}

Parameters

Component


Required. Specifies the component for which you want to enable or disable tracing. Use "*" to specify all components.
{enabled | disabled}


Required. Specifies whether to enable or disable tracing for the specified component.

Remarks

  • To see a list of all installed components, use the show tracing command without parameters.

Example

To set tracing for the PPP component, type:

set tracing ppp enabled

show authmode

Shows whether dial-up clients using certain types of devices should be authenticated.

Syntax

show authmode

set authmode

Specifies whether dial-up clients using certain types of devices should be authenticated.

Syntax

set authmode {standard | nodcc | bypass}

Parameters

{standard | nodcc | bypass}


Required. Specifies whether dial-up clients using certain types of devices should be authenticated. The parameter standard specifies that clients using any type of device should be authenticated. The parameter nodcc specifies that clients using any type of device except a direct-connect device should be authenticated. The parameter bypass specifies that no clients should be authenticated.

add authtype

Adds an authentication type to the list of types through which the remote access server should attempt to negotiate authentication.

Syntax

add authtype {pap | md5chap | mschap | mschapv2 | eap}

Parameters

{pap | md5chap | mschap | mschapv2 | eap}


Required. Specifies which authentication type to add to the list of types through which the remote access server should attempt to negotiate authentication. The pap parameter specifies that the remote access server should use the Password Authentication Protocol (plaintext). The md5chap parameter specifies that the remote access server should use the Challenge Handshake Authentication Protocol (using the Message Digest 5 hashing scheme to encrypt the response). The mschap parameter specifies that the remote access server should use the Microsoft Challenge-Handshake Authentication Protocol. The mschapv2 parameter specifies that the remote access server should use version 2 of MSCHAP. The eap parameter specifies that the remote access server should use Extensible Authentication Protocol.

Remarks

  • The remote access server will attempt to negotiate authentication by using protocols in order from the most secure to the least secure. After both the client and the server have agreed on an authentication type, PPP negotiation proceeds according to the appropriate RFCs.

delete authtype

Deletes an authentication type from the list of types through which the remote access server should attempt to negotiate authentication.

Syntax

delete authtype{pap | md5chap | mschap | mschapv2 | eap}

Parameters

{pap| md5chap | mschap | mschapv2 | eap}


Required. Specifies which authentication type to delete from the list of types through which the remote access server should attempt to negotiate authentication. The pap parameter specifies that the remote access server should not use the Password Authentication Protocol (plaintext). The md5chap parameter specifies that the remote access server should not use the Challenge Handshake Authentication Protocol (using the Message Digest 5 hashing scheme to encrypt the response). The mschap parameter specifies that the remote access server should not use the Microsoft Challenge-Handshake Authentication Protocol. The mschapv2 parameter specifies that the remote access server should not use version 2 of MSCHAP. The eap parameter specifies that the remote access server should not use Extensible Authentication Protocol.

show authtype

Lists the authentication type (or types) that the remote access server uses to attempt to negotiate authentication.

Syntax

show authtype

add link

Adds a link property to the list of link properties PPP will negotiate.

Syntax

add link {swc | lcp}

Parameters

{swc | lcp}


Required. Specifies which link property to add to the list of link properties PPP will negotiate. The parameter swc specifies that software compression (MPPC) should be added. The parameter lcp specifies that Link Control Protocol extensions from the PPP suite of protocols should be added.

delete link

Deletes a link property from the list of link properties PPP will negotiate.

Syntax

delete link {swc | lcp}

Parameters

{swc | lcp}


Required. Specifies which link property to delete from the list of link properties PPP will negotiate. The parameter swc specifies that software compression (MPPC) should be deleted. The parameter lcp specifies that Link Control Protocol extensions from the PPP suite of protocols should be deleted.

show link

Displays the link properties PPP will negotiate.

Syntax

show link

add multilink

Adds a multilink type to the list of multilink types PPP will negotiate.

Syntax

add multilink {multi | bacp}

Parameters

{multi | bacp}


Required. Specifies which multilink type to add to the list of multilink types PPP will negotiate. The parameter multi specifies that multilink PPP sessions should be added. The parameter bacp specifies that Bandwidth Allocation Control Protocol should be added.

delete multilink

Deletes a multilink type from the list of multilink types PPP will negotiate.

Syntax

delete multilink {multi | bacp}

Parameters

{multi | bacp}


Required. Specifies which multilink type to delete from the list of multilink types PPP will negotiate. The parameter multi specifies that multilink PPP sessions should be deleted. The parameter bacp specifies that Bandwidth Allocation Control Protocol should be deleted.

show multilink

Shows the multilink types PPP will negotiate.

Syntax

show multilink

add registeredserver

Registers the specified server as a remote access server in the specified Active Directory® domain. Used without parameters, add registeredserver registers the computer from which you type the command in its primary domain.

Syntax

add registeredserver

[[domain=] DomainName]

[[server=] ServerName]

Parameters

[[domain=] DomainName]


Specifies, by domain name, the domain in which to register the server. If you do not specify a domain, the server is registered in its primary domain.
[[server=] ServerName]


Specifies, by Domain Name System (DNS) name or IP address, the server to register. If you do not specify a server, the computer from which you type the command is registered.

delete registeredserver

Deletes the registration of the specified server as a remote access server from the specified Active Directory domain. Used without parameters, delete registeredserver deletes the registration of the computer from which you type the command from its primary domain.

Syntax

delete registeredserver

[[domain=] DomainName]

[[server=] ServerName]

Parameters

[[domain=] DomainName]


Specifies, by domain name, the domain from which to remove the registration. If you do not specify a domain, the registration is removed from the primary domain of the computer from which you type the command.
[[server=] ServerName]


Specifies, by IP address or DNS name, the server whose registration you want to remove. If you do not specify a server, the registration is removed for the computer from which you type the command.

show registeredserver

Displays status information about the specified server registered as a remote access server in the specified Active Directory domain. Used without parameters, the computer and primary domain from which the command is issued is assumed.

Syntax

show registeredserver

[[domain=] DomainName]

[[server=] ServerName]

Parameters

[[domain=] DomainName]


Specifies, by domain name, the domain in which the server about which you want to display information is registered. If you do not specify a domain, the primary domain of the computer from which the command is issued is assumed.
[[server=] ServerName]


Specifies, by IP address or DNS name, the server about which you want to display information. If you do not specify a server, the computer from which the command is issued is assumed.

show user

Displays the properties of a specified remote access user or users. Used without parameters, show user displays the properties of all remote access users.

Syntax

show user

[name=] UserName

[[mode=] {permit | report}]

Parameters

[name=] UserName


Specifies, by logon name, the user whose properties you want to display. If you do not specify a user, the properties of all users are displayed.
[[mode=] {permit | report}]


Specifies whether to show properties for all users or only those whose dial-up permission is set to permit. The permit parameter specifies that properties should be displayed only for users whose dial-up permission is permit. The report parameter specifies that properties should be displayed for all users.

set user

Sets the properties of the specified remote access user.

Syntax

set user

[name=] UserName

[dialin=] {permit | deny | policy}

[cbpolicy=] {none | caller | admin

[cbnumber=] CallbackNumber}

Parameters

[name=] UserName


Required. Specifies, by logon name, the user for which you want to set properties.
[dialin=] {permit | deny | policy}


Required. Specifies under what circumstances the user should be allowed to connect. The permit parameter specifies that the user should always be allowed to connect. The deny parameter specifies that the user should never be allowed to connect. The policy parameter specifies that remote access policies should determine whether the user is allowed to connect.
[cbpolicy] {none | caller | admin [cbnumber=] CallbackNumber}


Required. Specifies the callback policy for the user. The callback feature saves the user the cost of the phone call used to connect to a remote access server. The none parameter specifies that the user should not be called back. The caller parameter specifies that the user should be called back at a number specified by the user at connection time. The admin parameter specifies that the user should be called back at the number specified by the CallbackNumber parameter.

Remarks

  • The policy option is not available for users that belong to a mixed-mode domain. For users in a mixed-mode domain, the policy parameter and the deny parameter are equivalent.

Example

To allow GuestUser to connect and be called back at (425) 555-0110, type:

set user guestuser permit admin 4255550110

show status

Shows the status of server running Routing and Remote Access.

Syntax

show status

show conf

Shows the remote access configuration state of the server.

Syntax

show conf

set conf

Sets the remote access configuration state of the server.

Syntax

set conf

[confstate=] {enabled | disabled}

Parameters

[confstate=] {enabled | disabled}


Required. Specifies the remote access configuration state. The enabled parameter enables the server configuration. The disabled parameter disables the server configuration and removes the server from the list of remote access servers.

show portstatus

Shows the current status of RAS ports.

Syntax

show portstatus

[[name=] PortName]

[[state=] State]

Parameters

[[name=] PortName]


Specifies the port for which to display status.
[[state=] State]


Display ports with the specified state.

Remarks

The following are the RAS port states:

nonoperational


Non-operational ports
disconnected


Disconnected ports
callingback


Ports calling back
listening


Ports listening
authenticating


Ports authenticating
connected


Authenticated and connected ports
initializing


Ports initializing

Examples

The following show the port status using the name and state parameters.

show portstatus name=VPN0-127

show portstatus state=connected

set portstatus

Resets the RAS ports statistics.

Syntax

set portstatus

[[name=] PortName]

Parameters

[[name=] PortName]


Specifies the name of the port. If none is specified, resets statistics of all active ports.

show type

Shows the router and RAS properties.

Syntax

show type

set type

Specifies the router and RAS roles of the server.

Syntax

set type

[ipv4rtrtype=] {lanonly | lananddd | none}

[ipv6rtrtype=] {lanonly | lananddd | none}

[rastype=] {ipv4 | ipv6 | both | none}

Parameters

[ipv4rtrtype=] {lanonly | lananddd | none}


Specifies the computer is configured as an IPv4 router. The lanonly parameter specifies that this computer is a LAN-only router and does not require demand-dial or VPN connections. The lananddd parameter specifies that this computer is a LAN and demand-dial router and supports VPN connections. The none parameter specifies that this computer is not enabled as an IPv4 router.
[ipv6rtrtype=] {lanonly | lananddd | none}


Specifies the computer is configured as an IPv6 router. The lanonly parameter specifies that this computer is a LAN-only router and does not require demand-dial or VPN connections. The lananddd parameter specifies that this computer is a LAN and demand-dial router and supports VPN connections. The none parameter specifies that this computer is not enabled as an IPv6 router.
[rastype=] {ipv4 | ipv6 | both | none}


Specifies the computer is configured as a remote access server. The ipv4 parameter specifies the computer is configured for IPv4. The ipv6 parameter specifies the computer is configured for IPv6. The both parameter specifies the computer is configured for IPv4 and IPv6. The none parameter specifies the computer is not configured as a remote access server.
  • Netsh Commands for Remote Access
  • Netsh RAS AAAA Context Commands