Configure VLAN on Hyper-V
This guide helps you configure VLANs on Hyper-V.
Hyper-V Switch is in trunk mode by default so no special configuration is required for enabling VLAN.
For more details about VLAN scanning refer to VLAN Scanning Guide.
Enable VLAN in Single Network Configuration
Applicable to scanner virtual machines with 1 network adapter.
VLAN Configuration from PowerShell.
Powershell allows multiple VLAN configurations. To configure VLAN from PowerShell perform the following steps:
- Shut down the virtual machine from the GUI or Powershell.
- Set the virtual machine network adapter to Trunk mode to allow packets from multiple VLANs, as shown in the following example:>
PS C:\Users\Administrator> Set-VMNetworkAdapterVlan -VMName MyScannerVM
- Trunk -AllowedVlanIdList "3,4,5,15" -NativeVlanId 0
- AllowedVlanIdList is a comma separated or range of VLAN IDs.
- NativeVlanId is required to allow untagged traffic. In the example above, VLAN ID 0 is used at the switch for Untagged traffic.
- Start the virtual machine.
You can configure any VLAN from the list provided via -AllowedVlanIdList using the scanner console or from the Qualys UI (go to Scans > Appliances).
Enable VLAN in Split Network Configuration
Applicable to scanner virtual machines with 2 network adapters.
Based on the state of the scanner virtual machine, there are multiple ways to enable VLANs in a split network configuration. By default, scanner virtual machines start with one network adapter. After creating the virtual machine, a second network adapter can be added as needed.
Method 1 (Recommended)
We recommend the following steps to enable VLAN in Split network configuration:
- Shut down the scanner virtual machine if it’s running. At this point, the virtual machine is assumed to have only 1 network adapter.
- Enable VLANs on the network adapter as shown in the section VLAN configuration from powershell above.
- Add the second network adapter.
- List the network adapter VLAN settings as shown in following example:
PS C:\Users\Administrator> Get-VMNetworkAdapterVlan -vmname MyScanner-split
VMName
VMNetworkAdapterName
Mode
VlanList
MyScanner-split
Network Adapter
Trunk
0,3-5,15
MyScanner-split
Network Adapter
Untagged
- Start the virtual machine.
Once VLAN is enabled, you can configure any VLAN from the list provided via -AllowedVlanIdList using the scanner console or from the Qualys UI (go to Scans > Appliances).
Method 2
This section explains how to configure VLANs on an existing split network scanner virtual machine.
The command used in the single network scanner method above can be used with an additional parameter called -VMNetworkAdapterName.
Some Things to consider
Problem 1: Hyper-V creates all network adapters with the exact same name – the name is literally ‘Network Adapter’. So every network adapter on each virtual machine running on a Hyper-V server has the same name ‘Network Adapter’.
Solution: Change the name for one of the network adapters and then configure VLANs on the LAN interface.
Problem 2: Renaming the network adapter is not possible from the Hyper-V GUI. It can only be done from powershell. The option to change a network adapter name is not directly available. All network adapters have the same name and the differentiating factors for each network adapter, such as MAC address, is not accepted by Rename-* command as a parameter.
Solution: Run a set of commands to accomplish this by following the examples below. Follow these steps:
List All Network Adapters for VM
PS C:\Users\Administrator> Get-VMNetworkAdapter -vmname MyScanner-split
|
Name |
IsManagementOs |
VMName |
SwitchName |
MacAddress |
|---|---|---|---|---|
|
Network Adapter |
False |
MyScanner-split |
|
00155D002325 |
|
Network Adapter |
False |
MyScanner-split |
|
00155D002326 |
View VLAN Settings on Network Adapters
PS C:\Users\Administrator> Get-VMNetworkAdapterVlan -VMName MyScanner-split
|
MyScanner-split |
Network Adapter |
Untagged |
|
MyScanner-split |
Network Adapter |
Untagged |
Save Network Adaptors to Variable
This variable is going to be used for changing the adapter name.
PS C:\Users\Administrator> $VMNetAdap = Get-VMNetworkAdapter -vmname MyScanner-split
PS C:\Users\Administrator> $VMNetAdap[0]
|
Name |
IsManagementOs |
VMName |
SwitchName |
MacAddress |
|---|---|---|---|---|
|
Network Adapter |
False |
MyScanner-split |
|
00155D002325 |
Rename LAN Network Adapter. [Scanner supports VLANs only on LAN]
PS C:\Users\Administrator> rename-VMNetworkAdapter -VMNetworkAdapter
$VMNetAdap[0] -newname "LAN_Adapter"
PS C:\Users\Administrator> Get-VMNetworkAdapter -vmname MyScanner-split
|
Name |
IsManagementOs |
VMName |
SwitchName |
MacAddress |
|---|---|---|---|---|
|
LAN_Adapter |
False |
MyScanner- split |
|
00155D002325 |
|
Network Adapter |
False |
MyScanner- split |
|
00155D002326 |
Configure Trunk Mode on LAN Adapter with Desired VLAN ID List
PS C:\Users\Administrator> Set-VMNetworkAdapterVlan -VMName MyScanner-split
-VMNetworkAdapterName LAN_Adapter -Trunk -AllowedVlanIdList "3,4,5,15"
-NativeVlanId 0
PS C:\Users\Administrator> Get-VMNetworkAdapterVlan -vmname MyScanner-split
|
VMName |
VMNetworkAdapterName |
Mode |
VlanList |
|---|---|---|---|
|
MyScanner-split |
LAN_Adapter |
Trunk |
0,3-5,15 |
|
MyScanner-split |
Network Adapter |
Untagged |
That’s it! You can configure VLANs from the scanner console.
Additional Resources
- Configure virtual local area networks for Hyper-V
- Rename virtual machine network adapter with identical name
- How to Work with Hyper-V Virtual Network Adapters