How do you multi-home a Hyper-v Host with a single Physical Nic using VLANs

    Question

  • As the title states, how does one do this?

    On VMware it's very easy to add a secondary VM Kernel Port (virtual nics/ports you define on the vswitch for use by the HOST).

    So in vSwitch Manager, you can only define External, Internal, and Private; each is pretty straightforward to define in the switch manager.

    These are the things I find lacking in Hyper-V, 

     1) No ability to see or set the IP address associated with the "External Switch, mgmt VLAN Tagged ID".
    For a bit more follow up, it is extremely annoying and difficult to get VLAN tagging setup from a brand new Hyper-V install. See This.
    In VMware you create VM port groups that are defined by VLAN ID, and when adding a vNIC to a VM you specify which of those the VM belongs to. In Hyper-V you add the same external vSwitch to the VM and simply define a different VLAN ID for the VM to use for its network. This works but doesn't seem as polished.

    2) NFS not being a supported Datastore for Hyper-V. (NFS is huge)

    3) The point of this post. In VMware you can also define multiple VM Kernel Port Groups, which are vNICs or ports used, again, by the host. And you can add a fair amount and define both the IP and the VLAN ID right when creating the VM Kernel port and simply add it to the vSwitch it needs to access the physical world from. In Hyper-V there seems to be absolutely no way for me to add a secondary vNIC and define a different IP and VLAN ID to be used by the host. (This network segment would not have a gateway and would make the host multi-homed.)

    How does one achieve this, as I can't seem to see any way to do it?




    • Edited by Zewwy Monday, April 10, 2017 1:59 PM
    Friday, April 7, 2017 7:37 PM

Answers

  • Add virtual NICs with Add-VMNetworkAdapter and the -ManagementOS parameter.

    Once you have the vNIC(s) added, assign them to VLANs with Set-VMNetworkAdapterVlan.


    Eric Siron
    Altaro Hyper-V Blog
    I am an independent contributor, not an Altaro employee. I accept all responsibility for the content of my posts. You accept all responsibility for any actions that you take based on the content of my posts.

    • Proposed as answer by D.Pope MCSE Saturday, April 8, 2017 5:53 AM
    • Marked as answer by Zewwy Monday, April 10, 2017 4:30 PM
    Friday, April 7, 2017 8:09 PM
  • OK so I figured it out thanks to your help Eric.

    Here's how to do it.

    Get Hyper-V configured for initial mgmt connection. Can use my thread here for details.

    With the existing Management OS vNIC set, and, as mentioned, no options to do it in Hyper-V Manager, either use remote PowerShell or RDP, or at the console type the following. (*NOTE* if at the console, ensure you add the Hyper-V-PowerShell feature, else you won't even be able to import the Hyper-V module; if using remote PowerShell, ensure the same feature is enabled.)

    "Add-VMNetworkAdapter -ManagementOS -Name iSCSI"

    *NOTE* When I first attempted this I didn't specify the -Name parameter; as a result I had two vNICs with the same name!

    I couldn't figure out how to set these since I couldn't find a parameter to single them out (no MAC parameter), so ensure you name them right when you create them.

    Then, as you said, set the VLAN ID:

    "Get-VMNetworkAdapter -ManagementOS -name iSCSI | Set-VMNetworkAdapterVlan -Access -VlanId 66"

    This obviously requires that the primary port the host is connected to allows these tagged packets.

    Finally, I had to exit PowerShell and run sconfig ('tis Nano/Core after all) to configure the IP address for each vNIC. You will see each vNIC as a NIC to configure under sconfig. I'm sure this could be done via PowerShell as well, or cmd, but I like the simplicity of sconfig.

    The only thing is I have my firewall disabled.

    "netsh advfirewall set allprofiles state off"

    For testing, since for some reason I can't figure out how to properly set the zone each vNIC resides in, then figuring out exactly which built-in rules I need to set things. I know the basics for remote managing via MMC snap-ins; see this post. Amazingly, they still haven't made a parent group for remote administration, and it requires certain sub groups to be enabled in Core 2016.

    But it always seems to change the firewall settings defined when you play with the network adapters, either via Hyper-V Manager or PowerShell. (I really wish MS tested these a bit more.) At least the firewall rules required for most features are opened automagically.

    • Marked as answer by Zewwy Monday, April 10, 2017 4:30 PM
    Monday, April 10, 2017 4:29 PM

All replies

  • Hi Sir,

    >>2) NFS not being a supported Datastore for Hyper-V. (NFS is huge)

    I'll commit this as a 'user voice' to MS.

     

    In addition to the commands provided by Eric, SCVMM makes it easy to create vNICs for Hyper-V hosts:

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 10, 2017 2:42 AM
    Moderator
  • Wow!

    Thank you both for your quick replies. I'll play with the PowerShell cmdlet you provided, Eric.

    Sadly I don't have licensing for SCVMM, and I also don't have a good enough MSDN subscription level for it either, so sadly I'm stuck using Hyper-V Manager only. However, thanks for the great feedback, Elton!

    Monday, April 10, 2017 1:53 PM
  • Use Where-Object as a post-Get filter when there isn't an appropriate parameter. Like, "Get-VMNetworkAdapter -ManagementOS | where MacAddress -eq whatevermac | Rename-VMNetworkAdapter...". The learning curve is steeper but the results are more flexible than parameters.

    The Network Location Awareness service has always been responsible for zoning adapters in the past. I tend to keep all of the rules that I care about in sync across zones to lower my administrative effort. I figure that if my Hyper-V host suddenly finds itself on a true "public" network, then it's probably been stolen and I have other things to worry about besides its firewall. I haven't looked into Nano much yet but I assume everything there is more or less the same.


    Eric Siron
    Altaro Hyper-V Blog
    I am an independent contributor, not an Altaro employee. I accept all responsibility for the content of my posts. You accept all responsibility for any actions that you take based on the content of my posts.

    Monday, April 10, 2017 4:56 PM
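
The procedure from this thread (host vNIC, VLAN tag, static address) as one PowerShell script that sets the vNIC's network category explicitly and leaves the firewall enabled. This is an added example, not code posted by any participant in the thread; the switch name, IP address and prefix length are assumed placeholder values.

```powershell
# Added example. Assumed values: switch name, IP address, prefix length.
$SwitchName = 'External'     # assumed name of the existing external vSwitch
$NicName    = 'iSCSI'        # vNIC name used in the thread
$VlanId     = 66             # VLAN ID used in the thread
$IpAddress  = '192.0.2.10'   # placeholder from the documentation address range
$PrefixLen  = 24             # assumed

Import-Module Hyper-V -ErrorAction Stop

# Avoid two host vNICs with the same name: stop if the name is already taken,
# and list name plus MAC so existing adapters can be told apart.
if (Get-VMNetworkAdapter -ManagementOS -Name $NicName -ErrorAction SilentlyContinue) {
    Get-VMNetworkAdapter -ManagementOS |
        Select-Object Name, MacAddress, SwitchName | Out-Host
    throw "A management OS vNIC named '$NicName' already exists."
}

# Create the host vNIC on the existing external switch and tag it.
Add-VMNetworkAdapter -ManagementOS -Name $NicName -SwitchName $SwitchName
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $NicName `
    -Access -VlanId $VlanId

# By default the host sees a management OS vNIC as "vEthernet (<name>)".
$Alias = "vEthernet ($NicName)"

# Static address with no default gateway: the segment is not routed,
# so the host's only gateway stays on the management vNIC.
New-NetIPAddress -InterfaceAlias $Alias -IPAddress $IpAddress `
    -PrefixLength $PrefixLen | Out-Null

# Keep the storage-segment address out of DNS.
Set-DnsClient -InterfaceAlias $Alias -RegisterThisConnectionsAddress $false

# Set the firewall zone for this vNIC. The connection profile only exists
# once the interface is connected, so run this with the link up.
Set-NetConnectionProfile -InterfaceAlias $Alias -NetworkCategory Private

# Leave the firewall on in every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Verify VLAN, zone and firewall state.
Get-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $NicName
Get-NetConnectionProfile -InterfaceAlias $Alias |
    Select-Object InterfaceAlias, NetworkCategory
Get-NetFirewallProfile | Select-Object Name, Enabled
```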