How to use command line for configuring Routing and Remote Access Server

Netsh is a command line tool to configure and administer Windows based computers. Netsh can be used extensively for Routing and remote access configurations. Some of the netsh commands in RAS context are 

  1. Command – Netsh ras add authtype add authtype [type = ] PAP|SPAP|MD5CHAP|MSCHAP|MSCHAPv2|EAP
    • Selects the types of authentication which this RAS server will attempt to negotiate.  Negotiation will be in the order most-secure to least-secure.
  2. Command – Netsh ras add registeredserver
    • Registers the given Windows 2000 computer as a RAS server in the Active Directory of the given domain.
  3. Command – Netsh ras add link [type = ] SWC|LCP
    • Adds to the list of link properties PPP will negotiate.
  4. Command – Netsh ras add multilink [type = ] MULTI|BACP
    • Adds to the list of multilink types PPP will negotiate.
  5. Command – Netsh ras set authmode [mode = ] STANDARD|NODCC|BYPASS
    • Sets the mode that determines whether and when dialin clients should be authenticated.
  6. Command – Netsh ras set user
    • Sets the RAS properties of a user.
  7. Command – Netsh ras set tracing
    • Enables/disables extended tracing for Ras.
  8. Command – Netsh ras aaaa set accounting [provider =] WINDOWS|RADIUS|NONE
    • Sets the accounting provider for Ras Server.
  9. Command – Netsh ras aaaa set acctserver
    • Provides an IP address or name of a RADIUS server to use for accounting.
  10. Command – Netsh ras aaaa set authentication [provider =] WINDOWS|RADIUS
    • Sets the authentication provider for Ras Server.
  11. Command – Netsh ras aaaa set authserver
    • Provides an IP address or name of a RADIUS server to pass authentication requests.

Examples for configuring Remote access server using netsh –

Scenario – Preserve the Ras Server configuration on a machine

  • Netsh ras dump > “<filename>”

Scenario – Restore the preserved Ras Server configuration on a machine

  • Netsh exec “<filename>”

Scenario – Set the authentication and accounting provider of Ras Server to Windows

  • Netsh ras aaaa set acco windows
  • Netsh ras aaaa set authe windows

Scenario – Add all authentication types on the Remote Access Server

  • Netsh ras add authtype pap
  • Netsh ras add authtype spap
  • Netsh ras add authtype md5chap
  • Netsh ras add authtype mschap
  • Netsh ras add authtype mschapv2
  • Netsh ras add authtype eap

Scenario – Set the dialin permissions of a user “Test” to “Allow access”

  • Netsh ras set user test permit

Scenario – Enable tracing logs for RAS connections

  • Netsh ras set tracing * en

Puja Pandey
Software Design Engineer/Test
Windows Networking Group

[This posting is provided “AS IS” with no warranties, and confers no rights.]

Comments (1)