Duplicate MAC address in Hyper-V

How VLANs work, the system requirements, how to configure Hyper-V to support VLANs, and how to use VLAN tagging between hosts

Robert Larson

TipsMake.com - Windows Server 2008 Hyper-V provides support for using Virtual LANs (VLANs) on parent and child partitions (hosts and virtual machines). This article introduces how VLANs work, the system requirements for infrastructure to support VLAN tagging, and how to configure VLAN support for parent and child partitions. It also gives examples of how to use VLAN tagging between hosts for isolated subnet tests.

Introduction to VLAN

The IEEE 802.1Q standard for VLAN tagging was created to allow you to use one physical network connection and multiplex streams of network traffic over it. The streams are virtually isolated from each other, so that computers on VLAN1 and computers on VLAN2 cannot see each other's packets unless there is a router connected to both VLANs and routing between them. The diagram on the left in the figure below shows that a physical network cable may have multiple VLANs flowing within it as well as non-VLAN traffic, which is referred to as 'trunking'. While the left diagram is a conceptual view of the traffic isolation, the diagram on the right shows that the packets are part of a stream, that only computers that are part of the same VLAN can see the packets on that VLAN, and that a computer without the VLAN ID will not be able to see any packets that are part of that VLAN.

Figure 1

So how do VLANs work? There are two basic methods of working with VLANs. The first method involves configuring VLANs on the physical network at the port level of a network switch. In this configuration, you assign a VLAN to a switch port and any traffic that travels through that port is tagged with the identification number of the VLAN (called the VLAN ID). This method prevents the device connected to the port from changing the VLAN ID value, which means that if the device moves from one port to another, the new port has to be reconfigured for the VLAN. This method also prevents multiple devices connected to the port from being members of different VLANs.

The second method involves the device dynamically assigning a VLAN ID to its data packets before it transmits them. In this method, the end device can easily switch from one VLAN to another without requiring any changes to the physical switch port. This method requires the device to understand IEEE 802.1Q VLAN tagging: it needs to know how to tag packets, how to transmit tagged packets and how to read a tagged packet.

Static VLAN configuration is more secure than dynamic VLAN tagging because a network device cannot easily move from one VLAN to another without a change to its switch port, and the switch sits behind a locked door.
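
What "tagging" and "reading a tagged packet" mean at the byte level, as an added example that is not part of the original article: it inserts and strips the 4-byte 802.1Q tag and models the rule that only an endpoint with the same VLAN ID sees the packet. The function names and the sample frame are constructed for illustration; this is not Hyper-V's virtual switch code.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload
SAMPLE = bytes.fromhex("00155d000102" "00155d000101" "0800") + b"payload"

def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:      # 0 and 4095 are reserved by the standard
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in 0..7")
    tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes):
    """Return (vlan_id or None, frame with any tag stripped)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame            # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    # VID 0 is a priority-only tag: it carries no VLAN membership
    return (vid or None), frame[:12] + frame[16:]

def deliver(frame: bytes, endpoint_vlan):
    """Model an endpoint configured with endpoint_vlan (None = no VLAN ID).
    The untagged frame is handed up only when the VLAN IDs match."""
    vlan_id, inner = parse_frame(frame)
    return inner if vlan_id == endpoint_vlan else None

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE, 200)
    print("tag bytes:", tagged[12:16].hex())
    for vlan in (200, 100, None):
        print("endpoint VLAN", vlan, "receives:", deliver(tagged, vlan) is not None)
```
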

System requirements

To support VLAN tagging (dynamic or static) you need the following:

  1. Hyper-V servers need network adapters with IEEE 802.1Q support. With dynamic tagging, adapters need to support the handling of VLAN-tagged packets even though the driver is not configured for VLAN support.

  2. Network switches need to support IEEE 802.1Q.

  3. Routers need IEEE 802.1Q support for routing tagged packets.

Configure the parent partition to use VLANs

The Hyper-V parent partition can be a member of a VLAN. Usually this is done to separate Hyper-V management traffic from child partition traffic. Each physical network adapter can be configured for VLAN tagging support. For network adapters that are not configured with Hyper-V virtual networks, the VLAN ID is configured at the driver level in the advanced settings. The following figure shows a Broadcom network adapter with VLAN tagging support. By default, the VLAN ID is set to zero. Changing this value to a VLAN ID configured in your network will tag all packets from the parent partition that use this adapter with that VLAN ID.

Figure 2

For network adapters configured with virtual networks, the VLAN ID for the parent partition is configured within the Hyper-V Manager console. To set the VLAN ID to 200 for the parent partition on a network adapter that has an external virtual network configured, perform the following steps:

  1. Open the Hyper-V Manager console.

  2. In the pane on the right, which lists many items, click the item called Virtual Network Manager.

  3. Select the virtual network you want to change, for example External. You will see the option Enable virtual LAN identification for parent partition; check the checkbox and enter the value 200 for VLAN ID.

Figure 3

  4. Click OK to save the changes.

Now all traffic for the parent partition passing through this network adapter will be tagged with a VLAN ID of 200.

You can also change the settings of internal virtual networks to allow VLAN tagging of the parent partition traffic. The process is exactly the same as above, except that you select Internal instead of External. Private virtual networks do not support VLAN tagging for traffic.

Configure child partitions to use VLANs

Child partitions also support VLAN tagging configuration. Configuration is done on the network adapter in the virtual machine configuration settings. This allows a virtual machine to be configured for multiple VLANs, one per network adapter. Since virtual machines can have a maximum of 12 network adapters (including 4 legacy adapters), there will be a maximum of 12 VLANs on a virtual machine.

If you want to configure a virtual machine to connect to VLAN 200 on a virtual network called External, follow the steps below:

  1. Open the Hyper-V Manager console.

  2. Select the virtual machine that you want to configure for VLAN traffic tagging.

  3. In the pane on the right there are items for the virtual machine; click the item called Settings.

  4. Find the network adapter connected to the External network and select the virtual network adapter entry in the hardware section. On the right, you will see the option Enable virtual LAN identification; check the box and enter the value 200 for VLAN ID.

Figure 4

  5. Click OK to save the changes.

At this point, traffic passing through the network adapter connected to the External virtual network will be tagged with a VLAN ID of 200.

If you need a virtual machine to communicate on two or more VLANs, simply add network adapters, connect them to the correct virtual network, assign VLAN IDs and configure the correct IP addresses. Then make sure the traffic you want to send over each VLAN uses the correct IP address or name of the destination, so that it flows through the correct network adapter.

Use VLAN for isolation testing

Everything discussed so far assumes that you want to transmit packets on a network infrastructure with a VLAN ID of 200 and that switch ports are configured to manage that VLAN ID. However, VLANs can also provide advantages for isolation testing.

Let's assume that there are two Hyper-V hosts connected to the same switch and you need to set up a test that requires a service like DHCP in order to troubleshoot a problem. Your test requires virtual machines on each host to communicate with each other. You have the following issues:

  1. You do not want to provide DHCP services on the public network because it can cause havoc.

  2. You do not want to copy all virtual machines to a particular host because you may not have enough space and time.

  3. You could add a network adapter to each host, connect them to an isolated network switch, configure a new virtual network for that adapter, configure the virtual machines to use the new virtual network and run your test, but that is a lot of work.

What you want here is a quick and easy way to isolate virtual machine traffic so that you can perform your tests. VLAN tagging is a perfect solution for this requirement. All you need to do is take all the virtual machines required for the test, connect them to the same physical network using the external virtual network, and configure them with the same VLAN ID and a common subnet. Now you have an isolated subnet between the two hosts: only the machines that are configured with the same VLAN ID can see the traffic and communicate with each other.

Conclusion

IEEE 802.1Q VLAN tagging allows you to easily separate traffic between groups of machines in the network infrastructure. To support VLAN tagging, your devices need to support the IEEE 802.1Q standard. When devices support VLAN tagging, configuring them to tag packets is a simple setting on a virtual network or network adapter in the Hyper-V Manager console. VLAN tagging can be used in Internal and External virtual networks to create independent virtual subnets.
