Complete the two following tasks to set up port mirroring on a Windows Server 2012 R2 Hyper-V host.
Important: Before you configure port mirroring on a Windows Server 2012 VM, make sure that the Microsoft packet sniffing tool hotfix is applied.
Configuring the Virtual Machine to Capture Mirrored Traffic
To configure the virtual machine you want to use to capture mirrored traffic
- Open the Hyper-V Manager and right-click the machine that you want to use to capture mirrored traffic.
- Select Settings.
- Expand the associated network adapter and select Advanced Features.
Scroll to the Port mirroring section and set the Mirroring mode to Destination.
- Click Apply and OK.
Configuring the Mirror Port
To configure the mirror port
- Open the Windows PowerShell console.
$a = Get-VMSystemSwitchExtensionPortFeature -FeatureId 776e0ba7-94a1-41c8-8f28-951f524251b5
$a.SettingData.MonitorMode = 2
add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName <virtual_switch_name> -VMSwitchExtensionFeature $a
Important: Be aware that, if you enable promiscuous mode for a physical port, it directs all the traffic received on that port towards the virtual machine destination.
To learn more about configuring port mirroring on a Hyper-V virtual machine, refer to this article on the Microsoft website.
Additional Configurations for Port Mirroring Setup from VLAN Traffic
If your environment uses a Virtual LAN to route traffic, you will also need to configure Hyper-V to accept packets from the designated VLAN ID range.
To set up VLAN port mirroring
In Hyper-V Guest, create a Network Interface Controller (NIC) designated "management" with the following PowerShell command
Add-VMNetworkAdapter -VMName <VirtualMachineName> -Name "Management"
Add the port you will use as a mirror
Add-VMNetworkAdapter -Vmname <VirtualMachineName> -name "Mirror"
If you have multiple NICs you are mirroring, repeate this step for each NIC.
Add the VLAN ID ranges that will be mirrored
Set-VMNetworkAdapterVlan -VMName VIRTUALMACHINENAME -VMNetworkAdapterName "mirror" -trunk -allowedvlanidlist <VLAN-ID-Range> -nativevlanid <VLAN-ID-Range>
Important: The NIC needs to be created, named, and tagged with VLAN ID ranges as a guest in Hyper-V. If the NIC is not named and tagged properly, it can create errors in the guest system.
Related Video Content
To view other related training videos, click here.