Comments on: How to Set up VLANs in Hyper-V
https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/
Hyper-V guides, how-tos, tips, and expert advice for system admins and IT professionals
Wed, 31 Mar 2021 06:28:40 +0000

By: Eric Siron https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/#comment-3281 Fri, 14 Jun 2019 04:04:00 +0000 http://www.altaro.com/hyper-v/?p=5384#comment-3281 In reply to Raúl Castillo.

The virtual switch completely consumes the physical NIC(s) and essentially becomes a transparent trunked pathway. If you’re just starting out, start here: https://www.altaro.com/hyper-v/simple-guide-hyper-v-networking/. After that, or if you have a bit of experience, see here: https://www.altaro.com/hyper-v/the-hyper-v-virtual-switch-explained-part-1/. Make certain that you understand all of that before moving into VLANs.

I recommend that you avoid setting a VLAN ID on a physical NIC. It can be done, but usually does not work out the way that you want and becomes a management problem.

I’m unclear from your usage if you intend PVLAN to mean private VLAN or if you intend it to mean port VLAN as in the article. Since you also used “promiscuous”, I’m assuming that you mean private VLANs. I have not worked with those in some time, but I believe that you only need to configure the VMs’ virtual NICs so that their primary VLAN matches the switchport’s promiscuous VLAN and then the private VLAN is whatever you need it to be.
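Added example, not part of Eric Siron's reply or the original article: one way to apply the private VLAN settings described above with `Set-VMNetworkAdapterVlan`, then audit the result with `Get-VMNetworkAdapterVlan`. The VM names (`web01`, `app01`, `fw01`) and the VLAN IDs are assumptions chosen for illustration; the primary VLAN must be whatever the physical switchport's promiscuous port uses.

```powershell
# Added example: VM names and VLAN IDs are assumed, not taken from the thread.
$PrimaryVlan   = 100   # must match the primary VLAN of the physical promiscuous switchport
$IsolatedVlan  = 201   # secondary VLAN, isolated
$CommunityVlan = 202   # secondary VLAN, community

# Isolated vNIC: can reach promiscuous ports only, never other isolated or community ports.
Set-VMNetworkAdapterVlan -VMName 'web01' -Isolated `
    -PrimaryVlanId $PrimaryVlan -SecondaryVlanId $IsolatedVlan

# Community vNIC: can reach members of the same community and promiscuous ports.
Set-VMNetworkAdapterVlan -VMName 'app01' -Community `
    -PrimaryVlanId $PrimaryVlan -SecondaryVlanId $CommunityVlan

# Promiscuous vNIC (for example a virtual firewall): can reach every listed secondary VLAN.
Set-VMNetworkAdapterVlan -VMName 'fw01' -Promiscuous `
    -PrimaryVlanId $PrimaryVlan -SecondaryVlanIdList "$IsolatedVlan-$CommunityVlan"

# Audit 1: private-mode adapters whose primary VLAN does not match the switchport.
# A mismatch here means the VM is configured for a PVLAN the physical switch does not carry.
$mismatched = Get-VMNetworkAdapterVlan |
    Where-Object { $_.OperationMode -eq 'Private' -and $_.PrimaryVlanId -ne $PrimaryVlan }

# Audit 2: adapters left in Untagged mode, which sit outside the PVLAN isolation entirely.
$untagged = Get-VMNetworkAdapterVlan |
    Where-Object { $_.OperationMode -eq 'Untagged' }

# Report both sets with the owning VM and adapter name.
$mismatched + $untagged |
    Select-Object @{ n = 'VM';      e = { $_.ParentAdapter.VMName } },
                  @{ n = 'Adapter'; e = { $_.ParentAdapter.Name } },
                  OperationMode, PrivateVlanMode, PrimaryVlanId, SecondaryVlanId, SecondaryVlanIdList |
    Format-Table -AutoSize
```

No VLAN ID is set on the physical NIC here, in line with the recommendation in the reply; the PVLAN settings live only on the virtual adapters.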

By: Raúl Castillo https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/#comment-3280 Thu, 13 Jun 2019 17:23:00 +0000 http://www.altaro.com/hyper-v/?p=5384#comment-3280

Now we have Windows 2016 servers, and the PowerShell cmdlet Set-VMNetworkAdapterVlan can set the virtual adapter to be a promiscuous, isolated and community port for each VM. Now, in an environment where these VMs need to get internet access under a PVLAN configuration, how can the uplink port be set up to communicate with the physical switch? I mean, the virtual switch can be set smoothly under PVLAN configuration to communicate down and between VMs using their specific virtual network adapter (which includes the virtual NIC for the VM and the virtual switch “port”), but there’s no configurable uplink “port” to connect the virtual switch to the physical NIC of the host and then connect to the physical switch. How does the virtual switch logically work, specifically when it is assigned to a physical interface of the host server? Does the physical host NIC act as the uplink port? Should the physical host NIC (which is assigned to the virtual switch) be configured with the VLAN tag according to the primary VLAN ID set on the promiscuous port of the physical switch? Give me some light please. Regards.

By: Eric Siron https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/#comment-2754 Tue, 13 Feb 2018 18:59:00 +0000 http://www.altaro.com/hyper-v/?p=5384#comment-2754 In reply to Alan Tucker.

Careful there. You’ve made a good conceptual comparison, but it’s literally false. In action, the native VLAN and PVID are oppositional, not equivalent. Setting PVID on a port excludes it from the native VLAN.
But, to say that the native VLAN is to the switch as the PVID is to a port, that would be a fairly solid analogy.

By: Alan Tucker https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/#comment-2753 Tue, 13 Feb 2018 18:33:00 +0000 http://www.altaro.com/hyper-v/?p=5384#comment-2753 In reply to Ricky.

The native VLAN is not setting an 802.1q tag; it is telling the trunk that UNTAGGED packets belong to VLAN 2.

The native VLAN is always UNTAGGED and is equivalent to the PVID.

By: Ricky https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/#comment-532 Sun, 15 Nov 2015 06:30:00 +0000 http://www.altaro.com/hyper-v/?p=5384#comment-532 In reply to Eric Siron.

Right, that definitely makes much more sense!

By: Eric Siron https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/#comment-531 Sun, 15 Nov 2015 06:10:00 +0000 http://www.altaro.com/hyper-v/?p=5384#comment-531 In reply to Ricky.

The 802.1q tag is always present on every frame that passes across a trunk. If it’s in the native VLAN, then the tag is all zeroes. The second sentence is phrased very, very badly. “switchport trunk native vlan 2” means that incoming all-zero packets will be sent to local ports in VLAN 2 and that packets sent off the switch from VLAN 2 will have an all-zero tag.

By: Ricky https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/#comment-530 Sun, 15 Nov 2015 03:39:00 +0000 http://www.altaro.com/hyper-v/?p=5384#comment-530

I’ve been reading up on articles left and right and now I’m super confused.

In the native VLAN section, it says:
“…..This is because frames that this trunk sends to the other switch travel without an 802.1q tag, and all incoming frames without a tag are treated as members of this VLAN.”

OK, I get that. But then I found this Technet article here:
http://blogs.technet.com/b/keithmayer/archive/2012/11/20/vlan-tricks-with-nic-teaming-in-windows-server-2012.aspx

And it says this:
“By using the “switchport trunk native vlan 2” command, it causes all native traffic to be passed across the trunk with a VLAN ID 2 tag.”

So one source says native VLAN passed across the trunk will not have a tag, the other says it will have a tag. Both are valid sources, so I don’t know which one is correct/wrong.

By: Francis Lewis https://www.altaro.com/hyper-v/setting-up-vlans-in-hyper-v/#comment-529 Sun, 15 Nov 2015 00:42:00 +0000 http://www.altaro.com/hyper-v/?p=5384#comment-529 In reply to Eric Siron.

I think the key concepts can be summarized as follows:

– Access Mode ports will communicate using untagged frames on the same VLAN.

– When incoming tagged packets arrive at the switch’s Trunk port, the tag is removed and the switch will forward the untagged packet to the correct Access Mode port(s) based on the VLAN. But again, the tag is already removed, so the Access Mode ports will receive untagged frames. The switch just knows what ports to forward to.

– Untagged frames arriving into the Trunk port are technically still tagged. They just have all 0’s in the VLAN segment instead of an actual VLAN ID. These untagged packets will be placed in the native VLAN.

– There can only be one native VLAN configured on a physical switch. In the case of a virtual switch, you can’t configure one. However, native VLAN still exists, just without a specific VLAN assigned. It’ll just accept all untagged packets. – “All incoming frames without a tag are treated as members of this VLAN.”

– If you want a VM (connected to a virtual switch) to receive untagged traffic, just don’t configure a VLAN on the VM. However, I don’t really agree with this because I’ve read Microsoft documentation saying that it must be configured? As you’ve mentioned in one of the comments, “There’s really no such thing as no VLAN on any VLAN-capable switch. Everyone is a member of at least one VLAN”. So I would imagine that a VM needs to be part of some VLAN to communicate on the network.
