netshRAS Context

netsh/RAS Context

Configures a remote-access server.

Subcontexts

AAAA

Appletalk

IPX

NETBEUI

Only commands for the IP subcontext are covered in this section. For a list of commands in a different subcontext, switch to that subcontext and type help .

Commands

aaaa: Switches to AAAA subcontext.
add authtype type=[PAP SPAP MD5CHAP MSCHAP MSCHAPv2 EAP]: Specifies additional types of authentication the RAS server can negotiate.
add link type=[SWC LCP]: Specifies additional link properties that can be used for PPP negotiation.
add multilink type=[MULTI BACP]: Specifies additional multilink types that can be used for PPP negotiation.
add registeredserver name =domainname server=RASservername: Registers the RAS server in Active Directory.
appletalk: Switches to Appletalk subcontext.
delete [authtype link multilink registeredserver] [options]: Removes a RAS authentication, PPP link, or PPP multilink type or unregisters a RAS server in Active Directory (see the add commands earlier in this list for the syntax).
dump: Dumps the configuration of the remote-access server as a series of NetShell commands.
ip: Switches to IP subcontext. The commands available in this subcontext are listed in Table 5-12.
ipx: Switches to IPX subcontext.
netbeui: Switches to NETBEUI subcontext.
set authmode mode=[STANDARD NODCC BYPASS]: STANDARD means all clients must be authenticated, NODCC bypasses authentication for direct cable connections, and BYPASS means authentication isn't required for any type of device.
set tracing component=componentname state=[ENABLED DISABLED]: Turns extended tracing on or off for the specified component (use an asterisk to represent all components ).
set usernames=username dialin=[PERMIT DENY POLICY] [cbpolicy=[NONE CALLER ADMIN] cbnumber=callbacknumber]: Configures the RAS properties for the specified user, including whether the user is specifically allowed or denied the right to dial in, whether this is determined by the remote-access policy, and whether the user can use callback when dialing in.
show activeservers: Causes the server to listen for RAS server advertisements.
show authmode: Displays the current authentication mode of the RAS server.
show authtype: Displays the authentication types currently enabled on the server.
show client: Lists RAS clients currently connected to the server.
show link: Displays the types of link properties that the server currently uses for PPP negotiation.
show multilink: Displays the types of multilink types that the server currently uses for PPP negotiation.
show registeredserver domain=domainname server=RASservername: Verifies whether the specified RAS server is registered in Active Directory for that domain.
show tracing component=componentname: Displays whether extended tracing is enabled for the specified component. (If no component is specified, then the state of tracing is displayed for all components.)
show usernames=username mode=[PERMIT REPORT]: Displays the RAS settings for the specified useror for all users, if no username is specified. PERMIT displays only those users whose dial-in setting is currently set to PERMIT , while REPORT displays all users in the current domain.

Table 5-12. Commands available in RAS IP subcontext

Command	Option	Description
add	Range	Specifies address ranges for static address pool
delete	Pool	Removes all ranges from static address pool
	Range	Removes specified range from static address pool
dump		Dumps configuration as netsh commands
set	Access	Gives RAS clients access to network beyond RAS server
	Addrassign	Specifies method RAS server assigns addresses to RAS clients
	Addrreq	Allows RAS clients to request addresses from RAS server
	Negotiation	Enables IP negotiation for RAS client connections
show	Config	Displays current configuration of RAS server

Examples

Enter RAS context of NetShell:

 C:\>  netsh  netsh>  ras  ras>

Display the authentication mode and types currently configured on the server:

 ras>  show authmode  authentication mode = standard ras>  show authtype  Enabled Authentication Types: Code          Meaning ------------------------------------------ MSCHAP        Microsoft Challenge-Handshake                 Authentication Protocol. MSCHAPv2      Microsoft Challenge-Handshake                  Authentication Protocol version 2.

Check whether the RAS server test.mtitcanada.com is registered in Active Directory:

 ras>  show registeredserver domain=mtitcanada.com server=test  The following RAS server is registered:   RAS Server:  test   Domain:      mtitcanada.com

Check if user Sally is currently allowed to dial in to the RAS server:

 ras>  show usernames=sally  usernames:              sally Dialin:                 policy Callback policy:        none Callback number:

The default remote-access policy denies all users RAS dial-in permission, so specifically assign Sally this permission and enable callback:

 ras>  set usernames=sally dialin=permit cbpolicy=admin cbnumber=555-777-1212  usernames:              sally Dialin:                 permit Callback policy:        admin Callback number:        555-777-1212

Switch to the IP subcontext:

 ras>  ip  ras ip>

Show the IP configuration of the RAS server (this isn't the IP address of the server's interface, but rather how it provides clients with IP addresses when they connect):

 ras ip>  show config  RAS IP config   Negotiation mode:      allow   Access mode:           all   Address request mode:  deny   Assignment method:     auto   Pool:

Notes

Use the set user command in a batch file or script to automatically configure RAS dial-in settings for a collection of users.

Subcontexts

Commands

Table 5-12. Commands available in RAS IP subcontext

Examples

Notes

See Also