Dela via


Configuring Hyper-V for multiple subnets with only one NIC (Server 2008 R2 Edition)

 

 

Updated for 2012 R2: https://blogs.technet.com/b/letsdothis/archive/2013/11/11/configuring-hyper-v-for-multiple-subnets-with-only-one-nic-server-2012-r2.aspx

I wanted to configure my Hyper-V host with multiple subnets to give me a more realistic network configuration. Seeing how I do not have a full blown lab environment consisting of switches and routers which I could configure for multiple networks, I need a way to meet my needs. I came across numerous sites that contained some good information on achieving this and ultimately, I was not able to get this working properly with the information I found. They did however; lead me down the right path to accomplish what I needed…One Hyper-V host, multiple subnets, without the use of additional hardware or servers wasting my precious resources.

Typically, a virtual host would be dedicated as a virtual host without other roles installed to avoid impacting the performance of the virtual guests. Seeing how this is only used for my lab, I'm not too concerned with a performance impact.

Keep in mind...this post is intended for lab environments only! I do not claim this is a Microsoft supported configuration. You should contact Microsoft Support if you are in question of supported configurations.

 

My lab setup is as follows:

 

One Hyper-V host with 2 physical NICs (One NIC is not in use) and the host is running 14 virtual guests: (2 ConfigMgr, 2 DC, 2 App-V, 2 SQL, 2 Win7, 2 XP, 2 general use servers). All servers are running Windows Server 2008 R2 SP1 (host and guests).

My intentions are to divide the servers up, placing one of each type in each of the subnets/AD sites.

Now for the fun stuff…

 Configuring Virtual Networks

Assuming you have Hyper-V loaded already perform the following actions:

1. Open Hyper-V Manager and click on Virtual Network Manager on the Actions pane.

 

2. Click New virtual network and select Internal and click Add.

3. On the New Virtual Network window, fill in the following fields.

  • Name: vNet Internal 10.10.10.0/24
  • Notes: (optional)
  • Connection type: Internal only
  • Click OK

4. Click New virtual network and select Internal and click Add.

5. On the New Virtual Network window, fill in the following fields.

  • Name: vNet Internal 10.10.20.0/24
  • Notes: (optional)
  • Connection type: Internal only
  • Click OK

Configuring Network Adapters on the Hyper-V host

6. On the Hyper-V host, open your Network Connections so you can see the network adapters on the Hyper-V host. Once you have completed steps 2 through 5 above, you will see 2 new network adapters in the network connections window. It is recommended that you rename these from “Local Area Connection ‘X’” to match the names you provided in the previous steps or to something that will make it easy for you to distinguish which adapter belongs to what network. This will help eliminate any confusion when selecting the correct adapter for your VMs. It should look similar to this:

You can create as many different networks as you’d like by repeating the steps above.

7. Right click on the network adapter name vNet Internal 10.0 and click properties.

8. Click Internet Protocol Version 4 (TCP/IPv4) and click Properties.

9. Click the radio button for Use the following IP address:

  • IP Address: 10.10.10.1
  • Subnet mask: 255.255.255.0
  • Default Gateway: <blank>
  • DNS: <optional>
    • For each of the networks you created, you will need to perform the steps above. Keep in mind; you will need to give each additional network adapter the proper IP address. Since I used 10.10.20.0 as my second network; I would enter 10.10.20.1 in the IP address of the other NIC.

Configuring Routing and Remote Access Service (RRAS)

10. On the Hyper-V host, launch Server Manager.

11. Right-click Roles and select Add Roles.

12. When the Add Roles Wizard launches; on the Before you Begin page, click Next.

13. Select Network Policy and Access Services and click Next.

14. Read the introduction to Network Policy and Access Services page and click Next.

15. On the Role Services page, select Routing and Remote Access Services (if Remote Access Service and Routing are not automatically selected, select them at this time) and click Next.

16. On the Confirmation page, review your selections and click Install.

17. Click Close when the installation completes.

18. In Server Manager, expand the Roles node and then expand Network Policy and Access Services.

19. Right-click Routing and Remote Access and click Configure and Enable Routing and Remote Access.

20. Click Next at the setup wizard.

21. Select Custom configuration and click Next.

22. Select NAT and LAN routing.

  • Selecting NAT will allow your virtual machines to access the internet. If this isn't your intentions, do NOT select this setting.

23. Review your selections and click Finish.

24. Click Start Service when prompted.

25. Under Routing and Remote Access in the Server Manager, expand IPv4, click NAT and right-click and select New Interface.

26. In the New Interface for IPNAT window, select the network connection with internet access.

27. Select the option for Public interface connected to the Internet and also select Enable NAT on this interface and click OK.

28. You should now see something similar to this:

 

29. On each of your Hyper-V guests, configure the default gateway to the respective subnet. Below are how I have mine configured:

I have my Preferred DNS server pointing to a public DNS server to test my internet connection since I haven’t configured DNS for my new site. Once the site is configured, I’ll switch to the IP of the DNS server on my new site.

 If you can’t ping or access any UNC paths to servers on the other subnets, make sure you check the Windows Firewall and your user permissions. Good luck and enjoy your new setup! Cheers!

 PS...don't forget to assign your NICs to the appropriate network in the VM settings! (thanks Hyper-V Newb)

Comments

  • Anonymous
    January 01, 2003
    Hi Chris. I was looking for this solution for quite some time now and this is exactly what I want to achieve.  I followed through your guide but I am unable to RDP to my home server right after I do step 27. My Server only has hyper V role installed. I have installed NPAS and RRAS. It is connected to the internet via Network Cable and WiFi interfaces. I tried enabling NAT for both interfaces (fail). Then tried just WiFi (Fail) then tried just Network Cable (fail). Any idea why? Thanks alot.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    @Red Prado: Not sure why you wouldn't be able to connect...

  • You were able to connect via RDP prior to this?
  • Is the server configured with a static IP?
  • Is the firewall enabled and if so, does RDP have an exception made?
  • When you say that it fails when you enable NAT, what errors are you seeing?
  • Do the EventLogs show any further error messages?
  • Anonymous
    January 01, 2003
    I don't get it since the title says that you have only one NIC, yet your environment is configured with two NICs on the host.  Did I misunderstand something?  And isn't a Hyper-V server not suppored to perform any other services?  I mean, I know that Enterprise/datacenter edition can, but is it recommended on production servers?  

  • Anonymous
    January 01, 2003
    Hello Chris, could you please also describe your settings for the onboard device and the vexternal device ? I have crated a Hyper V external vn, not listed on task 26. Best regards Heiko

  • Anonymous
    January 01, 2003
    This was a great help!!!

  • Anonymous
    January 01, 2003
    Hello Chris, Apologies for leaving a new comment on your article that dates from more than a year. I liked the setup and explanation you gave and did the same with my lab. All works well: same concepts as yours, internal VMs accessing perfectly the external and public networks. But I also wanted access from the External to the Internal networks, for example RDP to the internal VMs using external IPs. This is not working and I don't understand why! I've enabled RDP on the VMs. On the NAT-enabled interface (Public interface), I've added in the "Services and Ports" section a Remote Desktop rule to translate incoming  RDP connections on the interface (192.168.0.51) on port 3391 and 3392 into 10.10.10.2-3 port 3389. I've made sure Firewall rules were open, but also disabling the firewall didn't change a thing. I cannot RDP or telnet using 192.168.0.1:3391 or 3392, although off course telnetting/RDP to the 10.10.10.x addresses from the Host works. Tried checking the RRAS and Firewall logs but there was nothing related. Any ideas what I am missing with what seems to be a basic NAT configuration? If not, do you have clues on how better to debug this? Thanks!

  • Anonymous
    January 01, 2003
    This is more for a lab configuration. I should have made that more clearly in the beginning of the blog and I'll be sure to update this blog to reflect that. I do have 2 physical NICs installed but only one is in use. In the first image of the blog, you can see that the Intel NIC does not have any connectivity. I don’t have the proper hardware or the space in my lab to host allow me to have an ideal environment. Typically you would not run other services on the Hyper-V host, such as a file and print server or in my case, the RRAS role. Most organizations would not be faced with the challenge I was… (requiring multiple subnets without a router). They would most likely have their networking team configure a switch port with the required subnet and the routing would take place on the switches/routers rather than the Hyper-V host. Normally, a virtual host would be dedicated as a virtual host without other roles installed to avoid impacting the virtual guests. I cannot state whether or not the configurations I used above are supported or not. That would be something you would have to discuss with Microsoft support. Hopefully this provides some clarification for you.. I have updated the blog to reflect your comments/concerns and they are greatly appreciated! Thanks!

  • Anonymous
    January 01, 2003
    @Rajesh...that sounds like a routing issue. You may need to look at setting up static routes on your router/switch that point your internal network...also, check the firewall to ensure it's not blocking traffic.

  • Anonymous
    January 01, 2003
    @Rajesh...sorry, misunderstood what you were asking. So, two things come to mind. Check the VM switchs...if they are internal, they won't have external access...you would need to change the Switch type from Internal to External. Also check that you selected the NAT and LAN routing option in step 22. Hope this helps.

  • Anonymous
    January 01, 2003
    @Rajesh - great job and happy computing!

  • Anonymous
    January 01, 2003
    @Chris ..All I am looking to do is to provide internet access to the guest machines and provide isolation at the same time. Followed your post athttp://blogs.technet.com/b/letsdothis/archive/2013/11/11/configuring-hyper-v-for-multiple-subnets-with-only-one-nic-server-2012-r2.aspx, not sure why I would need a static route. Also, like I said I am able to ping the guest from the host.

  • Anonymous
    January 01, 2003
    @Chris I found out the problem based on what you said. Yes it was a routing issue. In you other post you have asked to enabled the DirectAccess and ROUTING. I missed that. I added that feature. Removed and recreated the RRAS settings and I am in business. Thanks for your help and quick response.

  • Anonymous
    March 15, 2012
    Excellent instructions.  This was just what I was looking for as I want to simulate my network environment in a test lab. I have four seperate locations connected via T1-MPLS WAN with 2 servers at each location.  The only thing you forgot to mention is at the end in step 29.  Since I created these Internal Vnet interfaces after I already had my Hyper-V guests installed, first I needed to assign the Hyper-V guest to the appropriate Internal Vnet Interface in Hyper-V manager. Then I could start the Hyper-V Guest and configure the IP information as you show.  Thanks for these instructions, they helped a lot.

  • Anonymous
    May 30, 2012
    Perfect, this is exactly what I was looking for, thanks!

  • Anonymous
    January 09, 2013
    This is great information. Thanks a lot.

  • Anonymous
    July 15, 2013
    @ Chris Jones   Possible to do this on server 2012?? Not working for me at all.. anyone?

  • Anonymous
    July 15, 2013
    @Chris, can you possibly give us the same exact article but for windows 2012 server?

  • Anonymous
    November 11, 2013
    updated for 2012 R2: blogs.technet.com/.../configuring-hyper-v-for-multiple-subnets-with-only-one-nic-server-2012-r2.aspx

  • Anonymous
    March 11, 2014
    This is one amazing article. Thanks Chris, I got my networking setup on my lab environment with ease.

  • Anonymous
    January 28, 2015
    Chris - Great article, exactly what I was looking for. Getting my lab up and running for Microsoft Cloud cert. I followed the steps carefully. My RRAS is up and running with the guest on 172.25.4.0/24 network. I am able to ping the gues from the host, but I have no access from the guest to anywhere outside. I cannot even ping the gateway 172.25.4.1. Any ideas?

  • Anonymous
    March 01, 2016
    GREAT! Thank You!

  • Anonymous
    August 21, 2016
    Thanks for this excellent article. I too have a lab situation that perhaps you could help me with. am using HyperV on both Windows 2008 and Windows 2012 to create test network scenarios. The idea would be as following:I have two sets of lab VM's - each set includes a DC, Exchange and a File Server VM. I want both sets to have the same subnet structure so each would be using 192.168.0 addresses. I do not want the two sets to see each other - they are to be completely segregated. And they each must have access to the Internet.So all the VM's in set one can communicate with each other but can not communicate with the VM's in set two but have access to the Internet. All the VM's in set two can communicate with each other but can not communicate with the VM's in set one but have access to the Internet. Assume as well that I have full control of the router/firewall if any changes are required there.Also assume I can add as many network cards as I want if that's what is needed for this to work properly.Please describe for me how I would go about setting up the virtual switch/virtual networks/network card to allow for the above. Your time on this is appreciated in advance.

  • Anonymous
    August 27, 2016
    Great Its work perfectly, well I need more to congigure that my SCCM Server can see my Hyper-V Client and my Hyper-V Host and SCCM server are in Same Subnet. and My Hyper-v Client can able to ping my SCCM server as well as but from Sccm Server can't connect my Hyper-V client.Need your help to rectify this.Thanks again and Kindly help me to done this.

  • Anonymous
    February 27, 2017
    "Great Blogpost! Thanks for one’s marvelous posting! I _genuinely enjoyed"

  • Anonymous
    April 10, 2017
    NAT was the key for me, however I seem to remember being able to do this years ago without using NAT? In the old NT days there was simply a checkbox that said "enabled IP routing/forwarding", which is essentially just LAN routing in RRAS.Do we need NAT? Shouldn't LAN routing be enough if I only want to PING from a VM inside the private switched network to the external network? Or does LAN routing just route from the VM Servers nic1 card to the nic2 card, but no further?real external network <--- VMSever (nic1 - external switch, nic2 - private switch) <--- VMClient (nic1 - private switch) <--- "PING"

  • Anonymous
    June 14, 2017
    Hi Chris, This is exactly what I've been looking for, THANKS!!One question in addition to the the 2 internal switches you've created, you have also set up an external switch with the ip 172.20.1.0. Is that ip using the ip configuration of your host NIC? My aim to set up my networks like you have, but I would like them to also have internet capabilities. Does this solution give me that or will I need to make those two switches external as well? Is that even possible?

  • Anonymous
    June 18, 2017
    Hi Chris, This appears to be the exact solution I need. However, if I understand correctly your Hyper V is set up on a Server 2012 R2 Host, i.e., 10. "On the Hyper-V host, launch Server Manager."is this correct? If yes, how would I proceed after point 10 (or possible @ point 6) if my Hyper V is a Windows 10 host?Great Blog!! Thank you for your help.

  • Anonymous
    September 17, 2017
    hi. I have 1 windows server 2008 std and 1 windows server 2008 r2 in different subnet. Can you guide me how to connect them both? Because I want to test the connectivity using different subnet in. I have tried using internal and external adapter but it's not working. My laptop have only 1 NIC. SVR01 - IP - 192.168.1.1SVR02 - IP - 192.168.2.1