Windows server 2019 настройка vlan - Windowsa.top - ваш верный помощник с OS Windows

В этой статье мы покажем, как настроить тегированный сетевой интерфейс с VLAN в Windows 10/11 и Windows Server 2019 (2022/2016/2012R2). Стандарт VLAN (Virtual LAN) описан в 802.1Q и предполагает маркировку трафика с помощью тегов (vlanid), необходимую для отнесения сетевого пакета к той или иной виртуальной сети. VLAN используются для разделения и сегментирования сетей, ограничения широковещательных доменов и изоляции сегментов сети для повышения безопасности. В Windows вы можете настроить несколько логических сетевых интерфейсов с разными номерами VLAN на одном физическом интерфейсе несколькими способами.

Содержание:

Настройка VLAN интерфейсов в Windows 10 и 11
Добавить несколько VLAN ID в Windows Server 2019/2016
Как создать несколько VLAN в Windows Hyper-V?

Для использования VLAN необходимо соответствующим образом перенастроить порт коммутатора, куда подключен ваш компьютер/сервер. Порт должен быть переведен из режима access в режим транк. По умолчанию на транк порту разрешены все VLAN, но вы можете указать список номеров разрешенных VLAN(от 1до 4094), которые доступны на данном порту коммутатора Ethernet.

Настройка VLAN интерфейсов в Windows 10 и 11

В десктопных версиях Windows нет встроенный поддержки VLAN. По умолчанию драйвера большинства сетевых адаптеров обрезают в пакетах все VLAN-тэги и внешние VLAN становиться недоступными.

Для некоторых сетевых адаптеров вы можете задать номер VLAN в настройках драйвера:

Запустите консоль диспетчера устройств (
devmgmt.msc
);
Разверните секцию Network adapters и откройте свойства вашего сетевого адаптера;
Перейдите на вкладку Advanced и найдите опцию VLAN ID;
Здесь вы можете задать номер VLAN;
У некоторых сетевых карт сначала нужно включить опцию Packet Priority and VLAN.

В современных версиях Windows 10 и 11 вы можете задать один тег VLAN для вашего сетевого интерфейса. Для этого используется командлет PowerShell для управления сетевыми настройками. Например, вы хотите задать VLAN 50 для вашего сетевого интерфейса с именем Ethernet1:

Set-NetAdapter –Name "Ethernet1" -VlanID 50

Для некоторых сетевых карт (Intel, Broadcom, HP, Realtek) доступны специальные утилиты, позволяющие создать в Windows виртуальный сетевой интерфейс с VLAN ID. Для этого на компьютере нужно установить специальный драйвер с поддержкой тегированного трафика 802.1Q и официальную утилиту от вендора.

Создаем VLAN интерфейсы в Windows 10/11 на сетевой карте Realtek

Для сетевых карт Realtek вы можете настроить несколько виртуальных сетевых адаптеров с различными VLAN с помощью утилиты Realtek Ethernet Diagnostic Utility. Найдите описание вашего сетевого контролера Realtek на сайте вендора, и проверьте что эта модель поддерживает VLAN. Например, в спецификации сетевого контроллера RTL8169SC(L) присутствует строка:

Supports IEEE 802.1Q VLAN tagging

проверка поддержки vlan 802.1q сетевой картой realtek

Скачайте и установите последнюю версию сетевого драйвера для вашего адаптера Realtek и запустите утилиту Realtec Ethernet Diagnostic Utility (Diagnostic Program for Win7/Win8/Win10/Win11).

Перейдите в раздел VLAN, нажмите кнопку Add и добавьте нужный VLAN ID. После этого в Windows появится новый сетевой интерфейс.

Realtek Ethernet Diagnostic Utility настройка vlan

После того, как вы создали сетевые интерфейсы для ваших VLAN, вы можете задать на них нужный IP из соответствующей подсети.

Добавляем VLAN интерфейсы на сетевом адаптере Intel Ethernet

У Intel для настройки VLAN есть собственная утилита Intel Advanced Network Services (Intel® ANS) VLAN. Ваша модель сетевого адаптера, естественно, должна поддерживать технологию VLAN (например, VLAN не поддерживаются для карт Intel PRO/100 и PRO/1000). При установке драйвера выбейте опции Intel PROSet for Windows Device Manager и Advanced Network Services.

После этого в свойствах физического сетевого адаптера Intel появляется отдельная вкладка VLANs, где вы можете добавить несколько VLAN интерфейсов.

Однако этот способ работает во всех предыдущих версиях Windows (до Windows 10 1809). В последних версиях Windows на этой вкладке присутствует надпись:

Intel(R) Advanced Network (Intel(R) ANS) Teams and VLANs are not supported on Microsoft Windows 10.

Intel недавно выпустила обновленные драйвера сетевых адаптеров и утилиту Intel PROSet Adapter Configuration Utility для последних версий Windows 10 и 11. Скачайте и установите последнюю версию драйвера Intel и утилиту Intel PROset.

Запустите утилиту, перейдите на вкладку Teaming/VLANs, нажмите кнопку New, и укажите имя сетевого интерфейса и его VLANID.

Кроме того, вы можете добавить/удалить/просмотреть список VLAN на сетевых картах Intel с помощью специальных PowerShell командлетов из модуля IntelNetCmdlets. Импортируйте модуль в свою PowerShell сессию:

Import-Module -Name "C:\Program Files\Intel\Wired Networking\IntelNetCmdlets\IntelNetCmdlets" -Scope Local

Вы можете создать нетегированный виртуальный сетевой адаптер (обычно используется с native-vlan-id):

Add-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 0

Чтобы создать сетевой адаптер Intel с конкретным номером VLAN:

Add-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 11

Чтобы вывести список всех виртуальных сетевых адаптеров Intel:

Get-NetAdapter

Удалить VLAN адаптер:

Remove-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 11

командлеты Get-IntelNetVLAN, Add-IntelNetVLAN

Для сетевых карт Broadcom вы можете создавать группы виртуальных сетевых интерфейсов и назначать им VLAN ID с помощью утилиты Broadcom Advanced Control Suite.

Добавить несколько VLAN ID в Windows Server 2019/2016

В Windows Server 2022/2019/2016/2012R2 вы можете настроить несколько VLAN на одном сетевом интерфейсе с помощью встроенных средств (без установки специальных драйверов или утилит). Попробуем настроить несколько разных VLAN на одной физической сетевой карте в Windows Server 2019 с помощью NIC Teaming.

Обязательно убедитесь, что в настройках параметров дополнительных свойств сетевого адаптера не задана VLAN (значение VLAN ID = 0).

Запустите Server Manager -> Local и нажмите на ссылку «NIC Teaming«;
В секции Teams нажмите Task -> New Team. Укажите имя группы и выберите сетевые адаптеры, которые нужно в нее добавить;

Картинка с сайта: winitpro.ru

Можно создать группу NIC Teaming с помощью PowerShell:
New-NetLbfoTeam -Name vTeam -TeamMembers "Ethernet1","Ethernet2" -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic
Теперь в секции «Adapter and Interfaces» можно добавить виртуальные сетевые интерфейсы. Нажмите Tasks -> Add Interface;
Укажите имя создаваемого интерфейса и номер VLAN;

Картинка с сайта: winitpro.ru

Из PowerShell добавить сетевой интерфейс и задать ему VLAN можно так:
Add-NetLbfoTeamNic -Team vTeam -VlanID 50 -Name VLAN50
Аналогичным образом можно добавить столько сетевых интерфейсов VLAN, сколько нужно;
Обратите внимание, что в Windows Server 2022/2019/2016 поддерживает не более 32 сетевых адаптеров (и соответственно уникальных VLAN) для одной группы NIC Teaming.
Для каждого сетевого интерфейса в панели управления сетевыми адаптерами (ncpa.cpl) появится отдельная виртуальная сетевая карта;

Картинка с сайта: winitpro.ru
Теперь вы можете настроить IP параметры всех созданных виртуальных VALN сетевых интерфейсов вручную в свойствах адаптера или с помощью PowerShell командлетов New-NetIPAddress и Set-DnsClientServerAddress:
New-NetIPAddress -InterfaceAlias my_VLAN_interface -IPAddress 192.168.30.30 -PrefixLength 24 -DefaultGateway 192.168.30.1 Set-DnsClientServerAddress -InterfaceAlias my_VLAN_interface -ServerAddresses 192.168.1.10

Как создать несколько VLAN в Windows Hyper-V?

Вы можете программно обрабатывать VLANы в Windows через через подсистему Hyper-V (доступно как в Windows Server, так и десктопных Windows 10/11 Pro и Enterprise редакциях). Вы можете создать виртуальный свитч с сетевым адаптером в определённом VLAN.

Для этого нужно установить компоненты Hyper-V:

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

Создайте новый виртуальный коммутатор через Hyper-V Manager или с помощью команд PowerShell (см. пример в статье о настройке Hyper-V Server).

Затем для каждого VLAN, который нужно создать, выполнить команды:

Add-VMNetworkAdapter -ManagementOS -Name VLAN50 -StaticMacAddress "11-22-33-44-55-AA" -SwitchName VLAN50Switch Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName VLAN50 -Access -VlanId 50

В результате у вас в системе появится сетевой адаптер с нужным тегом VLAN.

Если на вашем Hyper-V сервере запущены ВМ, вы можете поместить их в разные VALN. Чтобы переключить виртуальны сетевой адаптер ВМ на Hyper-V в режим Access и разрешить получать трафик только с определенным VLAN ID, используется команда:

Set-VMNetworkAdapterVlan -VMName Test1 -Access -VlanId 21

Вывести список ВМ и назначенных им VLAN:

Get-VMNetworkAdapterVLAN

В Windows Server 2022 с ролью Hyper-V вы не сможете привязать виртуальный свитч к такому тиминг-интерфейсу. Дело в том, что что LBFO NIC Teaming устарел (https://aka.ms/lbfodeprecation) и в Windows Server 2022 предлагается использовать Switch Embedded Teaming (SET).

Рассмотрим, как создать виртуальный адаптер и назначить ему VLAN в Windows Server 2022 Hyper-V с помощью SET.

Создайте виртуальный свитч, подключённый к сетевым адаптерам хоста:

New-VMSwitch -Name "HVSwitch1" -NetAdapterName "Ethernet3","Ethernet4" -EnableEmbeddedTeaming $true

Теперь создайте виртуальны адаптер, подключенный к виртуальному свитчу:

Add-VMNetworkAdapter -ManagementOS -Name "VLAN11" -StaticMacAddress "XX-XX-XX-XX-XX-XX" -SwitchName "HVSwitch1"

Назначьте тег VLAN для вашего виртуального адаптера:

Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "VLAN11" -Access -VlanId 11

Если нужно, чтобы виртуальный адаптер Hyper-V мог принимать пакеты из нескольких VLAN, можно использовать такую команду:

Get-VMNetworkAdapter -Name youradaptername | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList 50-59 -NativeVlanId 0

Параметр -NativeVlanId 0 обязателен. В этом случае мы указываем Hyper-V, что VLAN:0 используется в качестве нативного для нетегированного трафика.

Источник

In my blog entitled “Inter-VLAN Routing Between Virtual Machines” I created two subnets and made the necessary configuration on the router and in Hyper-V Manager to communicate between hosts in two different VLANs. The configuration works great but there is one glaring limitation – scalability. If I wanted to add more VLANs and assign those VLANs to a subnet, I would need to add more NICs. To address this limitation, I will configure a NIC Team in Windows Server 2019 and specify in Hyper-V Manager what VLAN I want my VMs to use for network communication.

A NIC Team is a way to group together several physical interfaces into one logical interface for the purpose of improving network performance and redundancy. In Cisco IOS this is also called an EtherChannel.

For this task I purchased an Intel Pro 1000 PT 1Gb Quad Port Ethernet Server Adapter. My hope was that I would be able to put all the ports in a Team or create two Teams with two ports in each team but this computer is only able to see two of the 4 ports on the server adapter. After troubleshooting for a few hours I could not figure out why my computer is unable to see all the ports. Perhaps there is some kind of hardware limitation unique to the Dell Optiplex 7010. I decided to power through and just use the two ports I am able to use.

VLAN Aware vs VLAN Capable

One of the things that came up for me as I was accomplishing this task is distinguishing the difference between VLAN Awareness and VLAN Capability. In the Hyper-V Virtual Switch Manager you are given the option of specifying a VLAN however when using this, you are not actually creating a VLAN. VLANs are created on the port of the network switch (VLAN capable). However, what Windows Server 2019 can do is acknowledge that a packet is tagged with a specific VLAN and pass the traffic to the switch to make the appropriate forwarding decision (VLAN aware). This is great because typically computers drop packets that are tagged with a VLAN.

NIC Team Configuration

To create a NIC Team, open the Server Manager and with “Local Server” selected in the left navigation pane, select the NIC Teaming option under the server properties. Then select “Tasks” under the “Teams” section and you will be able to select the interfaces you would like to join your new NIC Team, the Teaming mode and the Load balancing mode. In figure 1-1 I have right clicked on the NIC Team I created and selected properties which is identical to the screen you see when creating a new NIC Team:

Figure 1-1. Properties of my NIC Team

LACP or Link Aggregation Control Protocol allows the switch to dynamically negotiate which links between the switch and the host get added to the Link Aggregation Group (LAG). LACP in Windows Server operates in “active mode” so that means that on the switch I will also need to configure LACP in active mode. Im not overly concerned about load balancing performance so for the load balancing algorithm I went with Dynamic.

For this task I have also slightly amended the topology from my blog entitled “Inter-VLAN Routing Between Virtual Machines.” Since the EHWIC in my router does not support Link Aggregation, I will add a multilayer switch:

Figure 1-2. Updated Topology

EtherChannel Configuration

Below are the commands issued on S1 to configure a L2 EtherChannel:

Figure 1-3. Configuring L2 EtherChannel on S1

It is important first to make sure that both ports on the switch have the same configuration before creating the EtherChannel. I issued the #interface range command and grabbed both the fa1/0/1 and fa1/0/2 interface, configured the encapsulation protocol and set both to trunk mode. Then I created the etherchannel by issuing the #channel-group command and configured the negotiation protocol as “active” to specify to the switch that I want it to use LACP. Finally, I issued the #show etherchannel summary command to show that etherchannel is in an “up” state.

Confusingly, Cisco uses “etherchannel” , “channel group” , and “port channel” all to refer to the same thing. The output of this show command shows that I created a new logical interface called “Po1” and the protocol being used is LACP. The letters “S” and “U” are in parenthesis which according to the key in the show command output, indicate that this new logical interface is in use and is operating in L2. Success! The last thing to do now is specify in the Hyper-V Manager which VLANs I want to be used for network communication for the VLANs:

Figure 1-4. Configuring External vSwitch

First I selected the Virtual Switch Manager and renamed my vSwitch. Then I chose the NIC Team which is represented as “Microsoft Network Adapter Multiplexor Driver” and binded this NIC Team to the External vSwitch. I want the Hyper-V Host to participate in this vSwitch so I also selected the option “Allow management operating system to share this network adapter” The final piece of configuration for this external vSwitch is to specify VLAN 100 as the VLAN I want the Hyper-V host to use to communicate on the network.

Next I needed to configure a static IP address to the virtual NIC:

Figure 1-5. Configuring a static IP

The last piece of Hyper-V config is assigning each VM to the external switch “BH-vSwitch” and specifying the VLAN that I want each VM to use for network communication. BH-VM-SRV1 will be use VLAN 100 and BH-VM-SRV2 will use VLAN 110:

Figure 1-6a. Specifying VLAN for BH-VM-SRV1

Figure 1-6b. Specifying VLAN for BH-VM-SRV2

All that’s left is to test connectivity! From the Hyper-V host I was able to successfully ping the gateway of VLAN 100 as well as each VM as shown in figure 1-7 below. I was also able to successfully ping BH-VM-SRV1 from BH-VM-SRV2 and vice-versa.

Figure 1-7. Successful pings on Hyper-V Host

Источник

In this article, we’ll show how to configure a tagged VLAN interface on Windows 10/11 and Windows Server 2019 (2022/2016/2012R2). The VLAN (Virtual LAN) specification is described in the IEEE 802.1Q standard and involves marking traffic with tags (vlanid) so that a network packet may be referred to a particular virtual network. VLANs are used to separate and segment networks, restrict broadcast domains, and isolate network segments to improve security. On Windows, you can configure multiple logical network interfaces with different VLAN IDs on a single physical NIC using different tools.

Contents:

Creating Multiple VLAN Interfaces on Windows 10 and 11
How to Configure Multiple VLANs on Windows Server 2022/2019/2016?
Create Multiple VLANs with Windows Hyper-V Role

To use VLAN on Windows, you need to reconfigure the physical switch port to which your computer/server is connected to. The port must be switched from access mode to trunk mode. By default, all VLANs are allowed on a trunk port, but you can set the list of allowed VLAN numbers (1 to 4094) available at this Ethernet switch port.

Creating Multiple VLAN Interfaces on Windows 10 and 11

Windows desktop editions don’t natively support VLAN tagging. By default, most network adapter drivers ignore all VLAN tags in network packets and external VLANs become inaccessible.

For some network adapters, you can set the VLAN number in the driver properties:

Run the Device Manager (devmgmt.msc);
Expand the Network adapters section and open the properties of your network adapter;
Go to the Advanced tab and find the VLAN ID option;

Картинка с сайта: woshub.com
You can set the VLAN number here;
For some NICs, you first need to enable the Packet Priority and VLAN option.

In modern versions of Windows 10 and 11, you can set one VLAN tag for a network interface adapter. You can use PowerShell to manage network settings. For example, you want to set VLAN ID 24 for your network interface named Ethernet0:

Set-NetAdapter –Name "Ethernet0" -VlanID 24

For some NICs (from Intel, Broadcom, HP, Realtek), special tools are available that allow you to create a virtual network interface in Windows with a VLAN ID. To do this, you need to install a special driver on your computer that supports 802.1Q tagged traffic and the official configuration tool from the vendor.

Create Multiple VLANs on a Realtek NIC in Windows 10 or 11

For Realtek NICs, you can configure multiple virtual NICs with different VLANs using the Realtek Ethernet Diagnostic Utility. Find the description of your Realtek network controller on the vendor’s website, and check that this model supports VLAN. For example, the specification for the RTL8169SC(L) network controller has this option:

Supports IEEE 802.1Q VLAN tagging

Download and install the latest network driver for your Realtek adapter and run the Realtek Ethernet Diagnostic Utility (Diagnostic Program for Win7/Win8/Win10/Win11).

Go to the VLAN section, click Add, and add the required VLAN ID. After that, a new network interface will appear in Windows.

create vlan on windows 10 using the Realtek Ethernet Diagnostic Utility

After creating network interfaces for your VLANs, you can assign the IP addresses from the corresponding IP network.

How to Setup VLAN on an Intel Ethernet Network Adapter?

Intel has its own Intel Advanced Network Services (Intel® ANS) tool for configuring VLAN interfaces. Your network adapter model, of course, must support VLAN (for example, VLAN is not supported for NICs such as Intel PRO/100 or PRO/1000). When installing the driver, select the Intel PROSet for Windows Device Manager and Advanced Network Services options.

Then a separate VLANs tab appears in the properties of your physical Intel network adapter, where you can create multiple VLAN interfaces.

However, this method works on all previous versions of Windows (up to Windows 10 1809). In modern Windows 10/11 builds, the following message is displayed in the VLANs tab:

Intel(R) Advanced Network (Intel(R) ANS) Teams and VLANs are not supported on Microsoft Windows 10.

Intel(R) Advanced Network (Intel(R) ANS) Teams and VLANs are not supported on Microsoft Windows 10.

Intel recently released new network adapter drivers and the Intel PROSet adapter configuration tool for the latest builds of Windows 10 and 11. Download and install the latest Intel driver and Intel PROset utility.

Run the configuration tool, go to the Teaming/VLANs tab, click the New button, and specify the name of the network interface and its VLANID.

add a new VLAN on Windows using Intel PROSet Adapter Configuration Utility

In addition, you can add/remove/view the list of VLANs on Intel NICs using the PowerShell cmdlets from the IntelNetCmdlets module. Import the module into your PowerShell session:

Import-Module -Name "C:\Program Files\Intel\Wired Networking\IntelNetCmdlets\IntelNetCmdlets" -Scope Local

You can create an untagged virtual network adapter (usually used with native-vlan-id):

Add-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 0

To create an Intel NIC with a specific VLAN number:

Add-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 103

To list all virtual Intel network adapters:

Get-NetAdapter

Remove VLAN interface:

Remove-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 103

IntelNetCmdlets powershell module - list vlans Get-IntelNetVLAN

For Broadcom NICs, you can create groups of virtual network interfaces and assign VLAN IDs using the Broadcom Advanced Control Suite tool.

How to Configure Multiple VLANs on Windows Server 2022/2019/2016?

In Windows Server 2022/2019/2016/2012R2, you can configure multiple VLANs on the same network interface using built-in tools (without installing third-party drivers and tools). Let’s try to configure multiple VLANs on the same physical NIC in Windows Server 2019 using NIC Teaming.

Make sure that no VLAN number is set in the network adapter advanced settings (VLAN ID = 0).

disable vlanid in the physical NIC properties on Windows Server 2016

Open the Server Manager -> Local and click the NIC Teaming link;
In the Teams section, click Task -> New Team. Specify the group name and select network adapters to add;

Картинка с сайта: woshub.com

You can create a NIC Teaming group using PowerShell:
New-NetLbfoTeam -Name vTeam -TeamMembers "Ethernet1","Ethernet2" -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic
Then in the “Adapter and Interfaces” section, add virtual network interfaces. Click Tasks -> Add Interface;
Enter the name of the interface you are going to create and a VLAN number;

Картинка с сайта: woshub.com

You can add a network interface and set a VLAN for it in PowerShell:
Add-NetLbfoTeamNic -Team vTeam -VlanID 24 -Name VLAN24
In the same way, you can add as many VLAN network interfaces as you need;
Please note that Windows Server 2022/2019/2016 supports a maximum of 32 NICs (and unique VLANs) per NIC Teaming group.
A separate virtual network adapter will appear in the list of network connections in ncpa.cpl;

Картинка с сайта: woshub.com
Now you can configure the IP settings for each VLAN interface in the properties of the network adapter or using PowerShell cmdlets:
New-NetIPAddress -InterfaceAlias your_VLAN_interface -IPAddress 192.168.10.10 -PrefixLength 24 -DefaultGateway 192.168.10.1 Set-DnsClientServerAddress -InterfaceAlias your_VLAN_interface -ServerAddresses 192.168.100.12

Create Multiple VLANs with Windows Hyper-V Role

You can programmatically handle multiple VLANs in Windows through the Hyper-V subsystem (available in both Windows Server and desktop Windows 10/11 Pro and Enterprise editions). You can create a virtual switch with a network adapter in a specific VLAN.

To do this, you need to install Hyper-V components:

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

Create a new virtual switch through Hyper-V Manager or using PowerShell commands (see an example in the article on how to configure Hyper-V Server).

Then run the following commands for each VLAN you want to create:

Add-VMNetworkAdapter -ManagementOS -Name VLAN24 -StaticMacAddress "11-11-AA-BB-CC-DD" -SwitchName vSwitch2 Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName VLAN24 -Access -VlanId 24

So a network adapter with the VLAN you want will appear in Windows.

If you have VMs running on your Hyper-V server, you can put them in different VLANs. To switch the virtual network adapter of a VM on Hyper-V to Access mode and allow it to receive traffic only with a specific VLAN ID, use the command:

Set-VMNetworkAdapterVlan -VMName MyVMName1 -Access -VlanId 30

Display a list of VMs and their assigned VLANs:

Get-VMNetworkAdapterVLAN

In Windows Server 2022 with the Hyper-V role, you won’t be able to bind a virtual switch to such a teaming interface. The fact is that LBFO NIC Teaming is a deprecated feature on Windows Server 2022 (https://aka.ms/lbfodeprecation). Instead of NIC Teaming, it is proposed to use Switch Embedded Teaming (SET).

Let’s create a virtual adapter and assign a VLAN to it on Windows Server 2022 Hyper-V using SET.

Create a virtual switch connected to the host’s physical adapters:

New-VMSwitch -Name HVVLANSwitch1 -NetAdapterName "Ethernet3","Ethernet4" -EnableEmbeddedTeaming $true

Now create a virtual adapter connected to the virtual switch:

Add-VMNetworkAdapter -ManagementOS -Name "VLAN22" -StaticMacAddress "XX-XX-XX-XX-XX-XX" -SwitchName HVVLANSwitch1

Assign a VLAN tag to your virtual adapter:

Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "VLAN22" -Access -VlanId 22

You can enable the virtual Hyper-V adapter to receive packets from multiple VLANs using the command:

Get-VMNetworkAdapter -Name youradaptername | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList 40-69 -NativeVlanId 0

The -NativeVlanId 0 parameter is required. In this case, we tell Hyper-V that VLAN:0 is used as native for untagged traffic.

Источник

http://woshub.com/configure-multiple-vlan-on-windows/

Configuring Multiple VLAN Interfaces on Windows

Contents:

Creating Multiple VLAN Interfaces on Windows 10 and 11
How to Configure Multiple VLANs on Windows Server 2022/2019/2016?
Create Multiple VLANs with Windows Hyper-V Role

In order to use VLAN on Windows, you need to reconfigure the physical switch port to which your computer/server is connected to. The port must be switched from access mode to trunk mode. By default, all VLANs are allowed on a trunk port, but you can set the list of allowed VLAN numbers (1 to 4094) available at this Ethernet switch port.

Creating Multiple VLAN Interfaces on Windows 10 and 11

Windows desktop editions don’t natively support VLAN tagging. By default, most network adapter drivers ignore all VLAN tags in network packets and external VLANs become inaccessible.

For some network adapters, you can set the VLAN number in the driver properties:

Run the Device Manager (devmgmt.msc);
Expand the Network adapters section and open the properties of your network adapter;
Go to the Advanced tab and find the VLAN ID option;
You can set the VLAN number here;
For some NICs, you first need to enable the Packet Priority and VLANoption.

Set-NetAdapter –Name "Ethernet0" -VlanID 24

On Windows, you can assign multiple IP addresses (aliases) to the same network interface, but you cannot bind these IP addresses to different VLANs. You will have to create additional virtual network cards.

Create Multiple VLANs on a Realtek NIC in Windows 10 or 11

Supports IEEE 802.1Q VLAN tagging

Download and install the latest network driver for your Realtek adapter and run the Realtek Ethernet Diagnostic Utility (Diagnostic Program for Win7/Win8/Win10/Win11).

Go to the VLAN section, click Add and add the required VLAN ID. After that, a new network interface will appear in Windows.

After creating network interfaces for your VLANs, you can assign the IP addresses from the corresponding IP network.

How to Setup VLAN on an Intel Ethernet Network Adapter?

Then a separate VLANs tab appears in the properties of your physical Intel network adapter, where you can create multiple VLAN interfaces.

However, this method works on all previous versions of Windows (up to Windows 10 1809). In modern Windows 10/11 builds, the following message is displayed in the VLANs tab:

Intel(R) Advanced Network (Intel(R) ANS) Teams and VLANs are not supported on Microsoft Windows 10.

Run the configuration tool, go to the Teaming/VLANs tab, click the New button, and specify the name of the network interface and its VLANID.

In addition, you can add/remove/view the list of VLANs on Intel NICs using the PowerShell cmdlets from the IntelNetCmdlets module. Import the module into your PowerShell session:

Import-Module -Name "C:\Program Files\Intel\Wired Networking\IntelNetCmdlets\IntelNetCmdlets" -Scope Local

You can create an untagged virtual network adapter (usually used with native-vlan-id):

Add-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 0

To create an Intel NIC with a specific VLAN number:

Add-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 103

To list all virtual Intel network adapters:

Get-NetAdapter

Remove VLAN interface:

Remove-IntelNetVLAN -ParentName "Intel(R) Ethernet Connection I219-LM" -VLANID 103

For Broadcom NICs, you can create groups of virtual network interfaces and assign VLAN IDs using the Broadcom Advanced Control Suite tool.

How to Configure Multiple VLANs on Windows Server 2022/2019/2016?

Make sure that no VLAN number is set in the network adapter advanced settings (VLAN ID = 0).

Open the Server Manager -> Local and click the NIC Teaming link;
In the Teams section, click Task -> New Team. Specify the group name and select network adapters to add;

Картинка с сайта: iamsto.wordpress.com

You can create a NIC Teaming group using PowerShell:
New-NetLbfoTeam -Name vTeam -TeamMembers "Ethernet1","Ethernet2" -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic
Then in the “Adapter and Interfaces” section, add virtual network interfaces. Click Tasks -> Add Interface;
Enter the name of the interface you are going to create and a VLAN number;

Картинка с сайта: iamsto.wordpress.com

You can add a network interface and set a VLAN for it in PowerShell:
Add-NetLbfoTeamNic -Team vTeam -VlanID 24 -Name VLAN24
In the same way, you can add as many VLAN network interfaces as you need; Please note that Windows Server 2022/2019/2016 supports a maximum of 32 NICs (and unique VLANs) per NIC Teaming group.
A separate virtual network adapter will appear in the list of network connections in ncpa.cpl;
Now you can configure the IP settings for each VLAN interface in the properties of the network adapter or using PowerShell cmdlets:
New-NetIPAddress -InterfaceAlias your_VLAN_interface -IPAddress 192.168.10.10 -PrefixLength 24 -DefaultGateway 192.168.10.1 Set-DnsClientServerAddress -InterfaceAlias your_VLAN_interface -ServerAddresses 192.168.100.12

Create Multiple VLANs with Windows Hyper-V Role

To do this, you need to install Hyper-V components:

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

Create a new virtual switch through Hyper-V Manager or using PowerShell commands (see an example in the article on how to configure Hyper-V Server).

Then run the following commands for each VLAN you want to create:

Add-VMNetworkAdapter -ManagementOS -Name VLAN24 -StaticMacAddress "11-11-AA-BB-CC-DD" -SwitchName vSwitch2 Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName VLAN24 -Access -VlanId 24

So a network adapter with the VLAN you want will appear in Windows.

Set-VMNetworkAdapterVlan -VMName MyVMName1 -Access -VlanId 30

Display a list of VMs and their assigned VLANs:

Get-VMNetworkAdapterVLAN

Let’s create a virtual adapter and assign a VLAN to it on Windows Server 2022 Hyper-V using SET.

Create a virtual switch connected to the host’s physical adapters:

New-VMSwitch -Name HVVLANSwitch1 -NetAdapterName "Ethernet3","Ethernet4" -EnableEmbeddedTeaming $true

Now create a virtual adapter connected to the virtual switch:

Add-VMNetworkAdapter -ManagementOS -Name "VLAN22" -StaticMacAddress "XX-XX-XX-XX-XX-XX" -SwitchName HVVLANSwitch1

Assign a VLAN tag to your virtual adapter:

Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "VLAN22" -Access -VlanId 22

Switch Embedded Teaming is not compatible with SR-IOV for Hyper-V virtual machines.

You can enable the virtual Hyper-V adapter to receive packets from multiple VLANs using the command:

Get-VMNetworkAdapter -Name youradaptername | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList 40-69 -NativeVlanId 0

The -NativeVlanId 0 parameter is required. In this case, we tell Hyper-V that VLAN:0 is used as native for untagged traffic.

!!! This article is mo-ta-mo copy/paste from http://woshub.com/configure-multiple-vlan-on-windows/ . Please contact us to remove article in case of copyright “something”. Thank you. !!!

Источник

For Dedicated Servers managed in the Cloud Panel

With a private network, you can divide your existing network into several logical networks. The servers communicate using local IPs that are not routed on the Internet.

The use of private networks offers you the following advantages:

You can organize your networks according to organizational aspects.
You can easily add or remove your servers.
You can reduce latency and network load.
You can optimize traffic by prioritizing data packets.
Each server can only communicate with servers on the same private network.
You can seal off servers with confidential data.

The use of a private network can be useful in the following example cases:

Setting up a private network for departments or project teams
Setting up a private network connected to a load balancer
Setting up a private network for a web server and a database server

You can create a private network consisting of dedicated servers by configuring tagged VLANs. VLANs are virtual local networks. These are combined into one standard in IEEE 802.1Q. With VLANs, you can divide an existing physical network into multiple logical networks with different subnets. The data traffic is encapsulated so that data from one or more VLANs can be transmitted independently of each other.

Tagged VLANs do not have a fixed assignment between the virtual network and a port. The assignment is made by marking the data packets. The data packets are provided with tags in which the VLAN ID is stored. This is done according to IEEE 802.1Q by the respective terminal device. In this case, these are the servers assigned to the private network.

Using the VLAN ID, a switch can recognize to which VLAN the data packet belongs. This allows multiple VLANs to be used via a single switch port.

To connect a server that has only one network card to multiple separate networks, you must set up the network card as a trunk port. For this purpose, the NIC team is used as of Microsoft Windows Server 2012.

Caution

This article assumes you have a basic knowledge of server administration with Microsoft Windows Server.
If you do not configure the server correctly, it may no longer be available.
To use the private network for dedicated servers, you must configure all the servers assigned to the network.

To set up a tagged VLAN in Microsoft Windows Server, follow the steps below:

Requirements

You have created at least two dedicated servers.
You have assigned the dedicated servers to a private network.

Determining the VLAN ID

The VLAN ID is required for configuring the network card.

How to determine the VLAN ID:

Open the Cloud Panel.
In the Infrastructure > Servers section, select the desired server.
Scroll to the Private Networks menu item.
Make a note of the VLAN ID.

Example: VLAN: 3509

Checking the Network Card Settings

The current settings must be checked so that the network card can be configured correctly.

Log on to the server as an administrator.
Open the Control Panel.
Click Network and Internet > Network Connections.
Click Change Adapter Settings.

Right-click the network connection and select Properties.
Click Configure.

In the Advanced tab under Property:, click VLAN ID.
Make sure that the value 0 is entered. Otherwise, the network card cannot be configured correctly if you want to create multiple VLANs or private networks.

Configuration of the Network Card

In this example, we assume that a host needs access to a VLAN or a private network. The assigned IP address for the host is 192.168.2.2/24 for VLAN 3509. For other VLANs, the setup is the same.

Log on to the server as an administrator.
Open the Server Manager.
Click Local Server in the navigation bar on the left.
In the Properties pane, select NIC Teaming. The NIC Teaming window opens.

Click under TEAMS on TASKS > New Team.

In the Team Name field, enter a name for the new team.
Select the network card for which you want to configure multiple VLANs. Example: Ethernet i210#1

Click OK.
Another additional network interface is added.
In the Teams section, click the team created, which is marked in blue.
In the ADAPTERS AND INTERFACES section, click Team Interfaces.
Click Tasks > Add Interface.

Enter a name for the new team interface. Example VLAN 3509
Under VLAN Membership, select the Specific VLAN: option and enter the determined VLAN ID.
Click OK. The network adapter is created. A second network adapter is then displayed under Control Panel > Network and Internet > Network and Sharing Center > Change Adapter Settings.
Click Control Panel > Network and Internet > Network and Sharing Center > Change Adapter Settings.
Right-click the newly created second network adapter.

Click Properties.
Double-click Internet Protocol Version 4 (TCP / IPv4).
Select the Use the following IP address option: .
In the IP Address: field, enter the IP address that you want the server to have in the private network. Example: 192.168.2.2
In the Subnet Mask: field, enter the subnet mask of the private network. This is 255.255.255.0.
Confirm the remaining open dialogs with OK.

Please Note

The physical network card can no longer be used. This is now connected to the Microsoft multiplexor protocol for network cards.

Источник