dump

• You can dump the contents of the current configuration to a file that can be used to restore altered configuration settings.
  
  

The following commands save the current configuration as a script in the c:\test\rascfg.dmp file.

• From the command prompt:
  
  netsh ras dump > c:\test\rascfg.dmp
  
  
• From the netsh ras context prompt:
  
  set file open c:\test\rascfg.dmp
  
  dump
  
  set file close
  
  

You can use the netsh exec command to run the script created by the netsh dump command.

add authtype

[ type = ] { PAP | MD5CHAP | MSCHAPv2 | EAP | CERT }

[ type = ] { PAP | MD5CHAP | MSCHAPv2 | EAP | CERT }

Required. Specifies which authentication type to add to the list of types that the remote access server uses to negotiate authentication. The supported authentication types include:

• PAP: Enables Password Authentication Protocol (PAP). This authentication method sends all information in plaintext.
  
  
• MD5CHAP: Enables Challenge Handshake Authentication Protocol (CHAP), which uses the Message Digest 5 (MD5) hashing scheme to encrypt the response.
  
  
• MSCHAPv2: Enables version 2 of MSCHAP.
  
  
• EAP: Enables Extensible Authentication Protocol (EAP).
  
  
• CERT: Enables certificate-based authentication for use by Internet Key Exchange v2 (IKEv2). This option is available on RRAS servers running Windows Server 2008 R2 only, and applies to client computers running Windows 7 only.
  
  

• The remote access server will attempt to negotiate authentication by using protocols in order from the most secure to the least secure. After both the client and the server have agreed on an authentication type, PPP negotiation proceeds according to the appropriate RFCs.
  
  

add link

[ type = ] { swc | lcp }

[ type = ] { swc | lcp }

Required. Specifies which link property to add to the list of link properties that PPP negotiates.

• swc: Specifies that software compression (MPPC) is added.
  
  
• lcp: Specifies that Link Control Protocol (LCP) extensions from the PPP suite of protocols is added.
  
  

add multilink

[ type = ] { multi | bacp }

[ type = ] { multi | bacp }

Required. Specifies which multilink type to add to the list of multilink types PPP will negotiate.

• multi: Specifies that multilink PPP sessions are added.
  
  
• bacp: Specifies that Bandwidth Allocation Control Protocol (BACP) is added.
  
  

add registeredserver

[ [ domain = ] DomainName ]

[ [ server = ] ServerName ]

[ domain = ] DomainName

Specifies the domain in which to register the server. If you do not specify a domain, the server is registered in its primary domain.

[ server = ] ServerName

Specifies, by DNS name or IPv4 address, the server to register. If you do not specify a server, the computer from which you type the command is registered.

delete authtype

[ type = ] { PAP | MD5CHAP | MSCHAPv2 | EAP | CERT }

[ type = ] { PAP | MD5CHAP | mschapv2 | eap | CERT }

Required. Specifies the authentication type to delete from the list of types that the remote access server uses to negotiate authentication.

• PAP: Disables PAP.
  
  
• MD5CHAP: Disables MD5CHAP.
  
  
• MSCHAPv2: Disables MSCHAPv2.
  
  
• EAP: Disables EAP.
  
  
• CERT: Disables certificate-based authentication for use by IKEv2. This option is available on RRAS servers running Windows Server 2008 R2 only, and applies to client computers running Windows 7 only.
  
  

delete link

[ type = ] { swc | lcp }

[ type = ] { swc | lcp }

Required. Specifies which link property to delete from the list of link properties PPP will negotiate.

• swc: Specifies that MPPC software compression is deleted.
  
  
• lcp: Specifies that LCP extensions from the PPP suite of protocols is deleted.
  
  

delete multilink

[ type = ] {multi | bacp }

[ type = ] { multi | bacp }

Required. Specifies which multilink type to delete from the list of multilink types PPP will negotiate.

• multi: Specifies that multilink PPP sessions are deleted.
  
  
• bacp: Specifies that BACP is deleted.
  
  

delete registeredserver

[ [ domain = ] DomainName ]

[ [ server = ] ServerName ]

[ domain = ] DomainName

Specifies the domain from which to remove the registration. If you do not specify a domain, the registration is removed from the primary domain of the computer from which you type the command.

[ server = ] ServerName ]

Specifies, by IP address or DNS name, the server whose registration you want to remove. If you do not specify a server, the registration is removed for the computer from which you type the command.

set authmode

[ mode = ] { standard | nodcc | bypass }

[ mode = ] { standard | nodcc | bypass }

Required. Specifies whether dial-up clients using certain types of devices should be authenticated.

• standard specifies that clients using any type of device should be authenticated.
  
  
• nodcc specifies that clients using any type of device except a direct-connect device should be authenticated.
  
  
• bypass specifies that no clients should be authenticated.
  
  

set client

[ name = ] ClientName

[ state = ] { disconnect | resetstats }

[ name = ] ClientName

Required. Specifies the user name of the client to disconnect or reset statistics.

[ state =  ] { disconnect | resetstats }

Required. Specifies the action to perform. The parameter disconnect disconnects the specified user. The parameter resetstats resets the statistics for the specified user.

set conf

[ confstate = ] { enabled | disabled }

[ confstate = ] { enabled | disabled }

Required. Specifies the remote access configuration state.

• enabled: Enables the server configuration.
  
  
• disabled: Disables the server configuration and removes the server from the list of remote access servers.
  
  

set portstatus

[ [ name = ] PortName ]

[ name = ] PortName

Specifies the name of the port. If none is specified, resets statistics of all active ports.

set tracing

[ component = ] component

[ state = ] { enabled | disabled }

[ component = ] Component

Required. Specifies the component for which you want to enable or disable tracing. Use "*" to specify all components.

[ state = ] { enabled | disabled }

Required. Specifies whether to enable or disable tracing for the specified component.

• To see a list of all installed components, use the show tracing command without parameters.
  
  

To set tracing for the PPP component, type:

set tracing ppp enabled

set type

[ ipv4rtrtype = ] { lanonly | lananddd | none }

[ ipv6rtrtype = ] { lanonly | lananddd | none }

[ rastype = ] { ipv4 | ipv6 | both | none }

[ ipv4rtrtype = ] { lanonly | lananddd | none }

Specifies that the computer is configured as an IPv4 router. The lanonly parameter specifies that this computer is a LAN-only router and does not support demand-dial or VPN connections to remote networks. The lananddd parameter specifies that this computer is both a LAN and demand-dial router and supports VPN connections to remote networks. The none parameter specifies that this computer is not enabled as an IPv4 router.

[ ipv6rtrtype = ] { lanonly | lananddd | none }

Specifies that the computer is configured as an IPv6 router.

• lanonly specifies that this computer is a LAN-only router and does not support demand-dial or VPN connections to remote networks.
  
  
• lananddd specifies that this computer is a LAN and demand-dial router and supports VPN connections to remote networks.
  
  
• none specifies that this computer is not enabled as an IPv6 router.
  
  

[ rastype = ] { ipv4 | ipv6 | both | none }

Specifies that the computer is configured as a remote access server.

• ipv4 specifies that the computer accepts IPv4-based remote access connections.
  
  
• ipv6 specifies that the computer accepts IPv6-based remote access connections.
  
  
• both specifies that the computer accepts remote access connections for both IPv4 and IPv6.
  
  
• none specifies that the computer is not configured as a remote access server.
  
  

set user

[ name = ] UserName

[ dialin = ] { permit | deny | policy }

[ [ cbpolicy = ] { none | caller | admin }

[ cbnumber = ] CallbackNumber ]

[ name = ] UserName

Required. Specifies, by logon name, the user for which you want to set properties.

[ dialin = ] { permit | deny | policy }

Required. Specifies the circumstances under which the user is allowed to connect.

• permit specifies that the user is allowed to connect.
  
  
• deny specifies that the user is not allowed to connect.
  
  
• policy specifies that remote access policies determine whether the user is allowed to connect.
  
  

[ cbpolicy = ] { none | caller | admin } [ cbnumber = ] CallbackNumber

Specifies the callback policy for the user. The callback feature saves the user the cost of the phone call used to connect to a remote access server.

• none specifies that the user is not called back.
  
  
• caller specifies that the user is called back at a number specified by the user at connection time.
  
  
• admin specifies that the user is called back at the number specified by the CallbackNumber parameter.
  
  

• The policy option is not available for users that belong to a mixed-mode domain. For users in a mixed-mode domain, the policy parameter and the deny parameter are equivalent.
  
  

To allow User1 to connect and be called back at (425) 555-0110, type:

set user user1 dialin=permit cbpolicy=admin cbnumber=4255550110

show activeservers

show authmode

show authtype

show client

[ [ name = ] ClientName ]

[ name = ] ClientName

Shows the status of a given client connected to the server. If this parameter is "*", show client enumerates the status of all clients. If no name is specified, show client shows which, if any, remote access clients are connected to the server.

show conf

show link

show multilink

show portstatus

[ [ name = ] PortName ]

[ [ state = ] { nonoperational | disconnected | callingback | listening | authenticating | connected | initializing } ]

[ name = ] PortName

Specifies the port for which to display status.

[ state = ] { nonoperational | disconnected | callingback | listening | authenticating | connected | initializing } ]

Display ports with the specified state.

The following show the port status using the name and state parameters.

show portstatus name=VPN0-127

show portstatus state=connected

show registeredserver

[ [ domain = ] DomainName ]

[ [ server = ] ServerName ]

[ domain = ] DomainName

Specifies the domain in which the server about which you want to display information is registered. If you do not specify a domain, the primary domain of the computer from which the command is issued is assumed.

[ server = ] ServerName

Specifies, by IP address or DNS name, the server about which you want to display information. If you do not specify a server, the computer from which the command is issued is assumed.

show status

show tracing

[ [ component = ] component ]

[ component = ] component

Specifies the component for which to display information. If no component is specified, show tracing shows the state of all installed components.

show type

Syntax

Parameters

set ikev2connection

[ idletimeout = ] integer

[ nwoutagetime = ] integer

[ idletimeout = ] integer

Specifies the time, in minutes, that the VPN client can remain idle before it is disconnected by the RRAS server. The value can range from a minimum of 5 minutes to a maximum of 2879 minutes (less than 48 hours).

[ nwoutagetime = ] integer

Specifies the time, in minutes, that the VPN client tolerates a network outage before dropping the connection. The minimum value is 2 minutes.

set ikev2saexpiry

[ saexpirytime = ] integer

[ sadatasizelimit = ] integer

[ saexpirytime = ] integer

Specifies the time, in minutes, that an IKEv2-based SA is allowed to exist before the SA must be renegotiated. The value can range from a minimum of 5 minutes to a maximum of 2879 minutes (less than 48 hours).

[ sadatasizelimit = ] integer

Specifies the amount of data, in megabytes (MB), that can be transferred through an IKEv2-based SA before the SA must be renegotiated. The minimum value is 1 MB.

set sstp-ssl-cert

[ [ name = ] { certname | default } ]

[ [ hash = ] hash ]

[ name = ] { certname | default }

Specifies the name of the certificate to be used for SSTP connections. If you specify default, then SSTP is reset to its default configuration.

[ hash = ] hash

Specifies the SHA-1 hash of the certificate to be used for SSTP connections.

set wanports

[ device = ] devicename

[ [ rasinonly = ] { enabled | disabled } ]

[ [ ddinout = ] { enabled | disabled } ]

[ [ ddoutonly = ] { enabled | disabled } ]

[ [ phone = ] phonenumber ]

[ [ maxports = ] integer ]

[ device = ] devicename

Specifies the device name of the port. Typical entries available in Windows include:

• WAN Miniport (SSTP)
  
  
• WAN Miniport (PPTP)
  
  
• WAN Miniport (PPPOE)
  
  
• WAN Miniport (L2TP)
  
  
• WAN Miniport (IKEv2)
  
  

[ rasinonly = ] { enabled | disabled }

Specifies whether the specified port type accepts inbound remote access connections.

[ ddinout = ] { enabled | disabled }

Specifies whether the specified port type can be used for both inbound and outbound routing connections.

[ ddoutonly = ] { enabled | disabled }

Specifies whether the specified port type is usable only for outbound routing connections.

[ phone = ] phonenumber

Specifies the destination of the outbound routing connection. If the port is attached to a modem or ISDN device, then it specifies a phone number. If the port is direct connected to a network, then it specifies the IPv4 or IPv6 address of the destination router.

[ maxports = ] integer

Specifies the maximum number of ports for the specified device type.

show ikev2connection

show ikev2saexpiry

show sstp-ssl-cert

show wanports

[ device = ] devicename

[ device = ] devicename

Specifies the device name of the port. Typical entries available in Windows include:

• WAN Miniport (SSTP)
  
  
• WAN Miniport (PPTP)
  
  
• WAN Miniport (PPPOE)
  
  
• WAN Miniport (L2TP)
  
  
• WAN Miniport (IKEv2)