Virtualized systems are subject to the same network security protocols as the traffic generated by physical devices. They too should be segmented using VLANs, allowing only authorized traffic to access your VMs.
Virtual Local Area Networks, or VLANs, are a based on the 802.1q standard and allow for physical networks to be isolated from each other, effectively creating smaller collision domains for devices to participate in. For VLANs to work, tags must be configured on both routers and switches within the LAN, and they must be supported on the physical network adapters themselves. With ACLs configured on the router to allow or deny certain types of traffic to pass through, the network switch ports must be tagged with the VLANs they support to allow traffic to be routed; otherwise it will be stopped.
Segmenting parts of the network from the rest generally provides scalability, better performance, and enhanced security for both the network and the data traveling across the wire—physical or virtual.
Before jumping into the configuration steps for the virtual switch, there are a few requirements to make VLANs work:
- Physical routers and switches must be configured for 802.1q.
- Physical network adapters and drivers on the server hosting VMs must support 802.1q.
- The host server must be running Windows Server 2008 (or later) or Hyper-V Server.
SEE: 20 pro tips to make Windows 10 work the way you want (free TechRepublic PDF)
Configuring the virtual switch
Start by launching the Hyper-V Manager snap-in and selecting the server you want to manage from the navigation pane. Next, in the Actions pane, click on Virtual Switch Manager... to launch the properties window.
In the Virtual Switches section, select an existing virtual switch you want to modify or create a new one, designating the connection type. Under the VLAN ID section, select the Enable Virtual LAN Identification For Management Operating System option and enter the VLAN tag you want to specify for the traffic accessing the virtual switch. Click OK to save your settings.
Configuring the virtual machine
Now, launch the Hyper-V Manager snap-in and select the server that hosts the VM you want to configure from the navigation pane. In the Virtual Machines section, click on the VM you want to configure and select Settings... in the VM pane.
Scroll down to the Network Adapter you want to tag for VLAN and select Enable Virtual LAN Identification. Also, enter the VLAN ID that matches the VLAN you want to use to manage traffic through. Click Apply, then OK to save your configuration.
That's it! Your VM and virtual switch are now configured for VLAN traffic isolation. Repeat these steps for each network adapter you want to enable VLANs on.
SEE: Windows 10 power tips: Secret shortcuts to your favorite settings (Tech Pro Research)
Three takeaways for implementing VLANs in Hyper-V
- VLANs segment traffic by grouping devices into smaller networks, mitigating congestion, enhancing network security, and providing better network manageability.
- Physical networking equipment, virtual switches, and virtual network adapters must support the 802.1q standard—including software drivers.
- Devices within the same VLAN must be configured with the same VLAN ID, or tag, as only devices with the same tags will be allowed to communicate with each other, even if connected to the same switch and on the same subnet.
- CompTIA IT Security, Network & Hardware Certification Training (TechRepublic Academy)
- 10 bad habits network administrators should avoid at all costs (TechRepublic)
- How to configure a Mac VLAN (TechRepublic)
- PowerShell commands for configuring virtual LAN settings in Windows 10 and Windows Server 2016 (Microsoft)
- Windows 10 Fall Creators Update: New features to try, but don't rush to install it (ZDNet)
Do you have experience managing networks with VLANs? What tips do you have for users to best manage their devices? Please share your thoughts with fellow TechRepublic members.