Hyper-v 2008R2 subnet isolation between host and guest OS

Hello all!

I am going to show my networking ignorance to some degree here. I have a 2008R2 server running Hyper-V. This, obviously, in turn hosts a virtual environment. The host system has multiple network cards and on one NIC communicates with a consumer Linksys router. This router provides the host system with DHCP, DNS, and gives access to the internet. What I am wanting to do is to completely separate the guest virtual environment from the physical (host's) while giving the virtualized guest environment internet access. Hyper-V uses a secondary NIC in the host computer that the guest systems use. The virtual environment will host its own AD, DNS and DHCP servers. For lab purposes, I do not want the physical system to communicate with the host system's DNS or DHCP. I know this can be accomplished via subnetting, but I am a little limited without a VLAN router. I would also like the host system to be able to access systems from in the virtual environment via direct routes, but I do not want the default subnet (let's say new laptops that join the wireless router's default subnet) to easily communicate with the virtual.

What additional hardware do I need to purchase? Is this even possible? I currently have 1 Linksys WRT54 wireless router and one Cisco PIX 501. My preference would be to use consumer level hardware, but if a single router with VLAN capability will accomplish this, at a reasonable price, then I am open to that as well.

My Linksys router is configured with a class C subnet. The router is configured as follows...

Subnet ID 0: Is the non-virtual environment.
Subnet ID 1: Will be the virtual environment.
James Haywood commented:
You don't need to use VLANs for this. To give you a quick heads up on Hyper-V networking see this


You can have the host on a single NIC communicating with the router (I personally wouldn't as I like my hosts isolated)

The VMs can be connected to the outside world using an External Virtual Network on the 2nd NIC you mentioned. As long as the host does not share this V.Network there will be no conflicts.

For the host and VMs to talk, create an Internal Virtual Network using a different address range than both external connections. This way any device joining the virtual network will not talk directly to the host but only to the VMs as you needed.

Hope this helps
Here is a little networking primer then; routers do not make VLANs, switches do.

VLAN is a layer 2 technology on switches. A computer on 1 VLAN cannot see the traffic and the broadcasts of computers on differing VLANs. 2 computers on VLAN 1 can talk to each other but not with a computer on VLAN 2, for example.

What the routers (layer 3 devices) do is to actually allow the VLANs to communicate via routing. The router is made a member of both VLANs and allows traffic across, or blocks it if you wish.

A switch can have built in routing capability and is called a layer 3 switch. Or you can add a switch port module to a router.

You can accomplish VLAN with an inexpensive switch. I have a Netgear switch with 48 ports where you access its VLAN and other port settings via a browser. It should do the trick of keeping your traffic separate. If you want both networks to access the internet but they are on separate subnets and you have 1 default gateway, you must route them some way.

A quick look and I found a $119 switch that can do VLAN.


Put the network you want on the internet onto the same VLAN with the ISP router you have and you will have internet access for that LAN.
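
The address layout from the first answer (host NIC on the router LAN, VMs on an External Virtual Network the host does not share, plus an Internal Virtual Network in its own range) can be checked before anything is configured. This is an added example, not part of the original thread; every range, address and machine name in it is constructed, since the thread does not give the real ones.

```python
import ipaddress

# Constructed address plan (assumption): the thread does not list the real ranges.
PLAN = {
    "router_lan": "192.168.1.0/25",     # physical side: Linksys router, laptops
    "vm_external": "192.168.1.128/25",  # External Virtual Network on the 2nd NIC
    "host_internal": "10.10.10.0/24",   # Internal Virtual Network (host <-> VMs)
}

# Constructed interface addresses for each machine in the lab.
ENDPOINTS = {
    "host": ["192.168.1.10", "10.10.10.1"],    # no address on vm_external
    "vm1": ["192.168.1.130", "10.10.10.11"],
    "laptop": ["192.168.1.50"],
}


def overlapping_ranges(plan):
    """Return every pair of named ranges whose address space overlaps."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def ranges_of(endpoint, plan=PLAN, endpoints=ENDPOINTS):
    """Names of the planned ranges in which the endpoint has an interface."""
    found = set()
    for addr in endpoints[endpoint]:
        ip = ipaddress.ip_address(addr)
        matches = [n for n, c in plan.items() if ip in ipaddress.ip_network(c)]
        if not matches:
            raise ValueError(f"{endpoint}: {addr} is outside the plan")
        found.update(matches)
    return found


def shared_ranges(a, b, plan=PLAN, endpoints=ENDPOINTS):
    """Ranges in which a and b both sit; empty means traffic must be routed."""
    return ranges_of(a, plan, endpoints) & ranges_of(b, plan, endpoints)


if __name__ == "__main__":
    print("overlapping ranges:", overlapping_ranges(PLAN))
    for pair in [("host", "vm1"), ("laptop", "vm1"), ("laptop", "host")]:
        print(pair, sorted(shared_ranges(*pair)) or "routed only")
```

An empty result for a pair only means the traffic has to cross a layer 3 device, where it can be allowed or blocked; as the VLAN primer in the thread says, keeping hosts from seeing each other's traffic and broadcasts is done at layer 2.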
Question has a verified solution.
