Professional Windows Server 1002003 Security A Technical Reference [Electronic resources]

Roberta Bragg


netsh/RAS Context

Configures a remote-access server.

Subcontexts

AAAA
Appletalk
IP
IPX
NETBEUI

Only commands for the IP subcontext are covered in this section. For a list of commands in a different subcontext, switch to that subcontext and type help.

Commands

aaaa

Switches to AAAA subcontext.

add authtype type=[PAP | SPAP | MD5CHAP | MSCHAP | MSCHAPv2 | EAP]

Specifies additional types of authentication the RAS server can negotiate.

add link type=[SWC | LCP]

Specifies additional link properties that can be used for PPP negotiation.

add multilink type=[MULTI | BACP]

Specifies additional multilink types that can be used for PPP negotiation.

add registeredserver name=domainname server=RASservername

Registers the RAS server in Active Directory.

appletalk

Switches to Appletalk subcontext.

delete [authtype | link | multilink | registeredserver] [options]

Removes a RAS authentication, PPP link, or PPP multilink type or unregisters a RAS server in Active Directory (see the add commands earlier in this list for the syntax).

dump

Dumps the configuration of the remote-access server as a series of NetShell commands.

ip

Switches to IP subcontext. The commands available in this subcontext are listed in Table 5-12.

ipx

Switches to IPX subcontext.

netbeui

Switches to NETBEUI subcontext.

set authmode mode=[STANDARD | NODCC | BYPASS]

STANDARD means all clients must be authenticated, NODCC bypasses authentication for direct cable connections, and BYPASS means authentication isn't required for any type of device.

set tracing component=componentname state=[ENABLED | DISABLED]

Turns extended tracing on or off for the specified component (use an asterisk to represent all components).

set user name=username dialin=[PERMIT | DENY | POLICY] [cbpolicy=[NONE | CALLER | ADMIN] cbnumber=callbacknumber]

Configures the RAS properties for the specified user, including whether the user is specifically allowed or denied the right to dial in, whether this is determined by the remote-access policy, and whether the user can use callback when dialing in.

show activeservers

Causes the server to listen for RAS server advertisements.

show authmode

Displays the current authentication mode of the RAS server.

show authtype

Displays the authentication types currently enabled on the server.

show client

Lists RAS clients currently connected to the server.

show link

Displays the types of link properties that the server currently uses for PPP negotiation.

show multilink

Displays the multilink types that the server currently uses for PPP negotiation.

show registeredserver domain=domainname server=RASservername

Verifies whether the specified RAS server is registered in Active Directory for that domain.

show tracing component=componentname

Displays whether extended tracing is enabled for the specified component. (If no component is specified, then the state of tracing is displayed for all components.)

show user name=username mode=[PERMIT | REPORT]

Displays the RAS settings for the specified user, or for all users if no username is specified. PERMIT displays only those users whose dial-in setting is currently set to PERMIT, while REPORT displays all users in the current domain.

Table 5-12. Commands available in RAS IP subcontext

Command   Option        Description
-------   -----------   ------------------------------------------------------------
add       Range         Specifies address ranges for static address pool
delete    Pool          Removes all ranges from static address pool
delete    Range         Removes specified range from static address pool
dump                    Dumps configuration as netsh commands
set       Access        Gives RAS clients access to network beyond RAS server
set       Addrassign    Specifies method RAS server assigns addresses to RAS clients
set       Addrreq       Allows RAS clients to request addresses from RAS server
set       Negotiation   Enables IP negotiation for RAS client connections
show      Config        Displays current configuration of RAS server

Examples

Enter RAS context of NetShell:

C:\>netsh
netsh>ras
ras>

Display the authentication mode and types currently configured on the server:

ras>show authmode
authentication mode = standard
ras>show authtype
Enabled Authentication Types:
Code          Meaning
------------------------------------------
MSCHAP        Microsoft Challenge-Handshake Authentication Protocol.
MSCHAPv2      Microsoft Challenge-Handshake Authentication Protocol version 2.
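
An added example, not part of the book: a PowerShell check that parses the show authmode and show authtype output above and reports an authentication mode other than STANDARD and any enabled type outside an allow-list. The function name, the allow-list (MSCHAPv2 and EAP, a policy assumption of this example) and the embedded sample text are constructed; on a live server, pass in the output of netsh ras show authmode and netsh ras show authtype instead.

```powershell
# Added example: audit RAS authentication settings from netsh output text.
# Policy assumption of this example: only MSCHAPv2 and EAP are acceptable.
$AllowedTypes = @('MSCHAPV2', 'EAP')
$KnownTypes   = @('PAP', 'SPAP', 'MD5CHAP', 'MSCHAP', 'MSCHAPV2', 'EAP')

function Test-RasAuthConfig {
    param(
        [string[]]$AuthModeOutput,   # lines from: netsh ras show authmode
        [string[]]$AuthTypeOutput    # lines from: netsh ras show authtype
    )
    $findings = @()
    # "authentication mode = standard" -> capture the value after "=".
    $mode = $null
    foreach ($line in $AuthModeOutput) {
        if ($line -match '^\s*authentication mode\s*=\s*(\S+)') {
            $mode = $Matches[1].ToUpper()
        }
    }
    if (-not $mode) {
        $findings += 'authmode: could not be parsed'
    } elseif ($mode -ne 'STANDARD') {
        $findings += "authmode: $mode lets some or all clients skip authentication"
    }
    # An enabled type is a row whose first token is a known code, so header,
    # separator and wrapped description lines are skipped.
    $enabled = @()
    foreach ($line in $AuthTypeOutput) {
        $code = ($line.Trim() -split '\s+')[0].ToUpper()
        if ($KnownTypes -contains $code) { $enabled += $code }
    }
    if ($enabled.Count -eq 0) { $findings += 'authtype: no enabled types parsed' }
    foreach ($code in $enabled) {
        if ($AllowedTypes -notcontains $code) {
            $findings += "authtype: $code is enabled; remove with: netsh ras delete authtype type=$code"
        }
    }
    return $findings
}

# Constructed sample input, taken from the example session above.
$modeText = @('authentication mode = standard')
$typeText = @(
    'Enabled Authentication Types:',
    'Code          Meaning',
    '------------------------------------------',
    'MSCHAP        Microsoft Challenge-Handshake Authentication Protocol.',
    'MSCHAPv2      Microsoft Challenge-Handshake Authentication Protocol version 2.'
)
Test-RasAuthConfig -AuthModeOutput $modeText -AuthTypeOutput $typeText
```

For the sample session this reports one finding, the enabled MSCHAP type, and nothing for the authentication mode.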

Check whether the RAS server test.mtitcanada.com is registered in Active Directory:

ras>show registeredserver domain=mtitcanada.com server=test
The following RAS server is registered:
RAS Server:  test
Domain:      mtitcanada.com

Check if user Sally is currently allowed to dial in to the RAS server:

ras>show user name=sally
User name:              sally
Dialin:                 policy
Callback policy:        none
Callback number:

The default remote-access policy denies all users RAS dial-in permission, so specifically assign Sally this permission and enable callback:

ras>set user name=sally dialin=permit cbpolicy=admin cbnumber=555-777-1212
User name:              sally
Dialin:                 permit
Callback policy:        admin
Callback number:        555-777-1212

Switch to the IP subcontext:

ras>ip
ras ip>

Show the IP configuration of the RAS server (this isn't the IP address of the server's interface, but rather how it provides clients with IP addresses when they connect):

ras ip>show config
RAS IP config
Negotiation mode:      allow
Access mode:           all
Address request mode:  deny
Assignment method:     auto
Pool:

Notes

Use the set user command in a batch file or script to automatically configure RAS dial-in settings for a collection of users.
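
An added example, not part of the book, of the scripted use described in the note above: a PowerShell loop that validates each row against the option values listed for set user before building the netsh command, and only runs it when $Apply is set. The function name, the user rows and the rule that account names contain only letters, digits, dot, underscore and hyphen are assumptions of this example.

```powershell
# Added example: apply RAS dial-in settings to a list of users with netsh.
# The user list is constructed sample data; replace it with your own accounts.
$ValidDialin   = @('PERMIT', 'DENY', 'POLICY')
$ValidCallback = @('NONE', 'CALLER', 'ADMIN')

function Get-RasUserCommand {
    param([string]$Name, [string]$Dialin, [string]$CbPolicy = 'NONE', [string]$CbNumber = '')

    # Reject anything that is not a plain account name, so a bad row cannot
    # place extra netsh arguments on the command line.
    if ($Name -notmatch '^[A-Za-z0-9._-]+$') { throw "Invalid user name: '$Name'" }
    if ($ValidDialin -notcontains $Dialin.ToUpper()) { throw "Invalid dialin value for ${Name}: '$Dialin'" }
    if ($ValidCallback -notcontains $CbPolicy.ToUpper()) { throw "Invalid cbpolicy for ${Name}: '$CbPolicy'" }

    $cmdArgs = @('ras', 'set', 'user', "name=$Name", "dialin=$($Dialin.ToLower())")
    if ($CbPolicy.ToUpper() -ne 'NONE') {
        $cmdArgs += "cbpolicy=$($CbPolicy.ToLower())"
        # An administrator-set callback needs the number the server will dial.
        if ($CbPolicy.ToUpper() -eq 'ADMIN') {
            if ($CbNumber -notmatch '^[0-9-]+$') { throw "cbpolicy=admin for $Name needs a numeric cbnumber" }
            $cmdArgs += "cbnumber=$CbNumber"
        }
    }
    return ,$cmdArgs   # leading comma keeps the result an array
}

# Constructed sample rows (sally's values come from the example session above).
$users = @(
    @{ Name = 'sally'; Dialin = 'permit'; CbPolicy = 'admin'; CbNumber = '555-777-1212' },
    @{ Name = 'bob';   Dialin = 'policy' },
    @{ Name = 'temp1'; Dialin = 'deny' }
)

$Apply = $false   # set to $true on the RAS server to run the commands
foreach ($u in $users) {
    $netshArgs = Get-RasUserCommand @u
    if ($Apply) { & netsh @netshArgs } else { "netsh $($netshArgs -join ' ')" }
}
```

With $Apply left at $false the script only prints the three netsh commands it would run, which gives a reviewable record before any account is changed.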

See Also

Connections, Routing and Remote Access