Cisco Unified Wireless Network Solutions

Cisco Systems inc. CCNP #14708 Payman Shahmir

How to work with Netsh command tool

Netsh Command / Network administration shell

Netsh tool is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. Netsh tool also provides an useful feature that allows you to run a group of commands in batch mode. Netsh can also save the list of commands into text file for archival purposes or to help you configure other servers in the same way.

You can use the Netsh network administartion tool to perform the following tasks:

  • Configure interfaces.
  • Configure routing protocols.
  • Configure filters.
  • Configure routes.
  • Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service.
  • Display the configuration of a currently running router on any computer.
  • Use the scripting feature to run a collection of commands in batch mode against a specified router.

Netsh command internal help

C:\netsh
netsh>help

The following commands are available:

Commands in this context:
..             - Goes up one context level.
?              - Displays a list of commands.
abort          - Discards changes made while in offline mode.
add            - Adds a configuration entry to a list of entries.
alias          - Adds an alias.
bridge         - Changes to the `netsh bridge' context.
bye            - Exits the program.
commit         - Commits changes made while in offline mode.
delete         - Deletes a configuration entry from a list of entries.
diag           - Changes to the `netsh diag' context.
dump           - Displays a configuration script.
exec           - Runs a script file.
exit           - Exits the program.
firewall       - Changes to the `netsh firewall' context.
help           - Displays a list of commands.
interface      - Changes to the `netsh interface' context.
offline        - Sets the current mode to offline.
online         - Sets the current mode to online.
popd           - Pops a context from the stack.
pushd          - Pushes current context on stack.
quit           - Exits the program.
ras            - Changes to the `netsh ras' context.
routing        - Changes to the `netsh routing' context.
set            - Updates configuration settings.
show           - Displays information.
unalias        - Deletes an alias.
winsock        - Changes to the `netsh winsock' context.

The following sub-contexts are available:

bridge diag firewall interface ras routing winsock

To view help for a command, type the command, followed by a space, and then type ?.

netsh> ?


Netsh contexts


Netsh utility interacts with others using dynamic-link library files. Each Netsh helper DLL provides an extensive set of features called a context, which is a group of commands specific to this DLL networking component. These contexts extend the functionality of netsh. For ex., Dhcpmon.dll provides netsh the context and set of commands necessary to configure and manage DHCP settings.

For more information about Netsh contexts, use this command in the netsh shell:

netsh>show helper
DLL Filename  Command
------------  -------
HNETMON.DLL   bridge
DGNET.DLL     diag
FWCFG.DLL     firewall
IFMON.DLL     interface
IFMON.DLL       ip
IPV6MON.DLL     ipv6
IPV6MON.DLL       6to4
IPV6MON.DLL       isatap
IPV6MON.DLL     portproxy
RASMONTR.DLL  ras
RASMONTR.DLL    aaaa
RASMONTR.DLL    appletalk
RASMONTR.DLL    ip
RASMONTR.DLL    ipx
RASMONTR.DLL    netbeui
IPMONTR.DLL   routing
IPMONTR.DLL     ip
IPPROMON.DLL      autodhcp
IPPROMON.DLL      dnsproxy
IPPROMON.DLL      igmp
IPPROMON.DLL      nat
IPPROMON.DLL      ospf
IPPROMON.DLL      relay
IPPROMON.DLL      rip
IPPROMON.DLL      routerdiscovery
IPXMONTR.DLL    ipx
IPXPROMN.DLL      netbios
IPXPROMN.DLL      rip
IPXPROMN.DLL      sap
IFMON.DLL     winsock
netsh>

List of available netsh contexts


AAAA - commands for AAAA
Shows and sets the configuration of the Authentication, Authorization, Accounting, and Auditing (AAAA) database used by the Internet Authentication Service (IAS) and the Routing and Remote Access service.

DHCP - commands for DHCP
Administers DHCP servers and provides an equivalent alternative to console-based management.

Diag - diagnostic (diag) commands
Administers and troubleshoots operating system and network service parameters.

Interface - commands for Interface IP
Configures the TCP/IP protocol (including addresses, default gateways, DNS servers, and WINS servers) and displays configuration and statistical information.

RAS - commands for RAS
Administers remote access servers.

Routing - commands for Routing
Administers Routing servers.

WINS - commands for WINS
Administers WINS servers.


Netsh usage from command line, Netsh syntax


netsh -a AliasFile -c Context -r RemoteComputer NetshCommand

or

netsh -a AliasFile -c Context -r RemoteComputer -f ScriptFile

-r : Configures a remote computer.

RemoteComputer : Specifies the remote computer to configure.

NetshCommand : Specifies the netsh command that you want to run.

-f : Exits Netsh.exe after running the script.

ScriptFile : Specifies the script that you want to run.

/? : Displays help at the command prompt.

Netsh examples

Show Network Diagnostic GUI


Type the following command:

netsh diag gui

Switch the specified adapter from a static address to DHCP

Type the following command:

netsh interface ip set address "Local Area Connection" dhcp

NOTE: Typing this command changes the interface named "Local Area Connection" to DHCP. To display all of the adapters in the computer with their current IP addresses to determine the correct adapter name, type the following command:

Netsh interface ip show config

To change to a static address, type the following command:

netsh interface ip set address "Local Area Connection" static ipaddr subnetmask gateway metric

NOTE: Replace ipaddr with the static IP address, subnetmask with the subnet mask, gateway with the default gateway and, if necessary, metric with the appropriate metric. The following example changes the interface "Local Area Connection" to a static address of 192.168.0.10 with a subnet mask of 255.255.255.0, and the interface has a default gateway of 192.168.0.1 with a metric of 1:

netsh interface ip set address "Local Area Connection" static 192.168.0.10 255.255.255.0 192.168.0.1 1


Show multicast joins for an each network inteface


Type the following command:

netsh interface ip show joins

Gathering diagnostic data from Windows Firewall

Windows Firewall configuration and status information can be retrieved at the command line by using the Netsh.exe tool. This tool adds IPv4 firewall support to the following Netsh context:

netsh firewall

To use this context, type netsh firewall at a command prompt, and then use additional Netsh commands as needed. The following commands are useful for gathering firewall status and configuration information:

Netsh firewall show state
Netsh firewall show config

Supported data gathering and configuration commands are listed in the following table.

Note Settings can be modified only by an administrator.

Data GatheringCommand Description

show allowedprogram	Displays the allowed programs. 
show config		Displays the detailed local configuration information. 
show currentprofile		Displays the current profile. 
show icmpsetting		Displays the ICMP settings. 
show logging		Displays the logging settings. 
show opmode		Displays the operational mode. 
show portopening		Displays the excepted ports. 
show service		Displays the services. 
show state		Displays the current state information. 
show notifications		Displays the current settings for notifications.