How to use command line for configuring Routing and Remote Access Server

  • Article

Netsh is a command line tool to configure and administer Windows based computers. Netsh can be used extensively for Routing and remote access configurations. Some of the netsh commands in RAS context are  -

  1. Command – Netsh ras add authtype add authtype [type = ] PAP|SPAP|MD5CHAP|MSCHAP|MSCHAPv2|EAP
    • Selects the types of authentication which this RAS server will attempt to negotiate.  Negotiation will be in the order most-secure to least-secure.
  2. Command – Netsh ras add registeredserver
    • Registers the given Windows 2000 computer as a RAS server in the Active Directory of the given domain.
  3. Command – Netsh ras add link [type = ] SWC|LCP
    • Adds to the list of link properties PPP will negotiate.
  4. Command – Netsh ras add multilink [type = ] MULTI|BACP
    • Adds to the list of multilink types PPP will negotiate.
  5. Command – Netsh ras set authmode [mode = ] STANDARD|NODCC|BYPASS
    • Sets the mode that determines whether and when dialin clients should be authenticated.
  6. Command – Netsh ras set user
    • Sets the RAS properties of a user.
  7. Command – Netsh ras set tracing
    • Enables/disables extended tracing for Ras.
  8. Command – Netsh ras aaaa set accounting [provider =] WINDOWS|RADIUS|NONE
    • Sets the accounting provider for Ras Server.
  9. Command – Netsh ras aaaa set acctserver
    • Provides an IP address or name of a RADIUS server to use for accounting.
  10. Command – Netsh ras aaaa set authentication [provider =] WINDOWS|RADIUS
    • Sets the authentication provider for Ras Server.
  11. Command – Netsh ras aaaa set authserver
    • Provides an IP address or name of a RADIUS server to pass authentication requests.

Examples for configuring Remote access server using netsh -

Scenario – Preserve the Ras Server configuration on a machine

  • Netsh ras dump > “<filename>”

Scenario – Restore the preserved Ras Server configuration on a machine

  • Netsh exec “<filename>”

Scenario – Set the authentication and accounting provider of Ras Server to Windows

  • Netsh ras aaaa set acco windows
  • Netsh ras aaaa set authe windows

Scenario – Add all authentication types on the Remote Access Server

  • Netsh ras add authtype pap
  • Netsh ras add authtype spap
  • Netsh ras add authtype md5chap
  • Netsh ras add authtype mschap
  • Netsh ras add authtype mschapv2
  • Netsh ras add authtype eap

Scenario – Set the dialin permissions of a user “Test” to “Allow access”

  • Netsh ras set user test permit

Scenario – Enable tracing logs for RAS connections

  • Netsh ras set tracing * en

Puja Pandey
Software Design Engineer/Test
Windows Networking Group

[This posting is provided "AS IS" with no warranties, and confers no rights.]