Virtual Switch configuration for nested Hyper-V in multi-NIC deployment.

I am a little confused about one thing, and it is to do with the configuration of the Virtual Switches in a Hyper-V nested configuration (Server 2019) where there are a number of physical adapters (and virtual switches). I have looked at dozens of sources such as these:

https://www.youtube.com/watch?v=ycCK1EyJG6Y&feature=youtu.be
https://techcommunity.microsoft.com/t5/virtualization/windows-insider-preview-nested-virtualization/ba-p/382256
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization

In the picture there is a Server 2019 Hyper-V Physical Host (H0). It has two physical network cards. In the Hyper-V Virtual Switch Manager NIC1 becomes Virtual Switch (without quotes) "WAN" and NIC2 becomes Virtual Switch "LAN", and the management operating system shares that. Both of these have the "External" Connection Type. WAN is connected to a Layer 3 router, then a firewall and the internet. LAN is connected to a Layer 2 physical switch on a specific VLAN that also has the Domain Controllers, DHCP, DNS servers etc.

I now also create a new Virtual Switch with an "Internal Network" connection type. It appears in Network and Sharing Center as (no quotes) "vEthernet (VirtualSwitch1)". This virtual switch is ALSO shared with the management operating system.

I now create a virtual machine in the Physical Host (H0) which is going to be a nested Hyper-V Virtual Host (H0.1). In my situation this machine will do two things.

  1. It will have its own virtual machine clients (C1.01, C1.02, etc.), and
  2. it will be the Routing and Remote Access Server for L2TP VPN authentication and access.

For the RRAS VPN machine, H0.1 is configured in "Settings" to have Network Adapter WWW with MAC Spoofing set to off. The Network Adapter LAN is connected to the physical LAN for Active Directory, DHCP etc. and has MAC Spoofing set to off.

L2TP VPN works perfectly. Users accessing from the Internet are properly routed to H0.1 and correctly authenticated in Active Directory. No problems with the configuration or settings for Layer 2 and Layer 3 traffic.

My question is, what settings do I need to make to the Internal Network Adapter "vEthernet (VirtualSwitch1)" on:

  1. the Physical Host H0, and
  2. the Virtual Host H0.1

so that the clients C1.01, C1.02 etc. can get DHCP leases from the Domain Controller attached to the physical LAN, and connect to the internet? Within the Settings for H0.1 this Network Adapter has MAC Address Spoofing set to ON. This virtual host also has the Routing and Remote Access Role installed, but not NAT and not Direct Access.

I have been searching for days for an answer to this, and I just can’t seem to get MAC Address Spoofing or NAT Networking to work. Any advice would be helpful.
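The switch and adapter layout the post describes, expressed with the Hyper-V PowerShell module as an added example (this is not code from the original post or from any reply to it). It builds the two external switches and the internal switch on H0, enables nested virtualization on H0.1, and sets MAC address spoofing per adapter, then prints the state so it can be checked before the VM starts. Assumed, because the post does not say: the physical NICs show up in Get-NetAdapter as "NIC1" and "NIC2", the VM is literally named "H0.1", its three vNICs are named "WAN", "LAN" and "Internal", and the nested guests (C1.01, C1.02, ...) will leave H0.1 through the vNIC on the "LAN" switch, which is the one that therefore gets spoofing turned on (the Microsoft nested-virtualization doc linked above is the source for that requirement).

```powershell
#Requires -Modules Hyper-V
# Added example, not from the original post. Run elevated on the physical host H0.
# Assumptions (not stated in the post): NIC names "NIC1"/"NIC2", VM name "H0.1",
# vNIC names "WAN"/"LAN"/"Internal", nested guests egress via the "LAN" vNIC.
$ErrorActionPreference = 'Stop'
$nestedHost = 'H0.1'

# 1. External switches shared with the management OS (the "WAN" and "LAN" switches above).
foreach ($sw in @(@{ Name = 'WAN'; Nic = 'NIC1' }, @{ Name = 'LAN'; Nic = 'NIC2' })) {
    if (-not (Get-VMSwitch -Name $sw.Name -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $sw.Name -NetAdapterName $sw.Nic -AllowManagementOS $true | Out-Null
    }
}

# 2. Internal switch: reachable only by H0's management OS and by VMs on H0.
#    It has no physical uplink, so nothing behind it reaches the physical LAN
#    unless H0 itself routes or NATs for it.
if (-not (Get-VMSwitch -Name 'VirtualSwitch1' -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name 'VirtualSwitch1' -SwitchType Internal | Out-Null
}

# 3. Nested virtualization on H0.1. The VM must be off to change this, and memory
#    does not resize at runtime once it is on, so dynamic memory is turned off too.
Stop-VM -Name $nestedHost -Force -ErrorAction SilentlyContinue
Set-VMProcessor -VMName $nestedHost -ExposeVirtualizationExtensions $true
Set-VMMemory -VMName $nestedHost -DynamicMemoryEnabled $false

# 4. vNICs on H0.1. Frames from the nested guests carry the guests' own source
#    MACs, so the outer (H0) switch port that carries them needs spoofing On;
#    every other adapter keeps the default Off (least privilege).
$adapters = @(
    @{ Name = 'WAN';      Switch = 'WAN';            Spoof = 'Off' },
    @{ Name = 'LAN';      Switch = 'LAN';            Spoof = 'On'  },  # assumed nested-guest uplink
    @{ Name = 'Internal'; Switch = 'VirtualSwitch1'; Spoof = 'Off' }
)
foreach ($a in $adapters) {
    if (-not (Get-VMNetworkAdapter -VMName $nestedHost -Name $a.Name -ErrorAction SilentlyContinue)) {
        Add-VMNetworkAdapter -VMName $nestedHost -Name $a.Name -SwitchName $a.Switch
    }
    Set-VMNetworkAdapter -VMName $nestedHost -Name $a.Name -MacAddressSpoofing $a.Spoof
}

# 5. Check the result before booting: ExposeVirtualizationExtensions should be True,
#    and exactly one adapter (LAN) should show MacAddressSpoofing = On.
Get-VMProcessor -VMName $nestedHost | Select-Object VMName, ExposeVirtualizationExtensions
Get-VMNetworkAdapter -VMName $nestedHost |
    Select-Object VMName, Name, SwitchName, MacAddressSpoofing | Format-Table -AutoSize

Start-VM -Name $nestedHost

# 6. Inside H0.1 (run there, not on H0): the nested external switch goes on the
#    vNIC that H0 exposed with spoofing On. Find its in-guest name with Get-NetAdapter
#    first; Hyper-V does not carry the vNIC name "LAN" into the guest by default.
# New-VMSwitch -Name 'NestedLAN' -NetAdapterName '<name from Get-NetAdapter in H0.1>' -AllowManagementOS $true
```

The point of step 4 is scope: once MacAddressSpoofing is On, H0.1 can put frames with any source MAC onto that VLAN, which undermines any port-level MAC pinning the physical switch relies on, so it belongs only on the one adapter that fronts the nested switch, never on the WAN-facing adapter of the RRAS VM.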
