How to Configure a Virtual Switch in Hyper-V on Windows Server 2012 R2
Virtual switches are the networking backbone of a Hyper-V environment. Every virtual machine that needs network connectivity must be connected to a virtual switch, which in turn determines whether the VM can reach the physical network, communicate only with other VMs, or both. Getting virtual switch configuration right is essential — poor planning leads to VMs that cannot communicate with each other or the outside world, or hosts that lose network connectivity after a switch misconfiguration.
Windows Server 2012 R2 Hyper-V supports three types of virtual switches, extensible switch capabilities for third-party plugins, NIC teaming for switch uplinks, and VLAN tagging for network isolation. This guide provides a comprehensive walkthrough of all virtual switch scenarios you will encounter in a real-world Hyper-V deployment.
Prerequisites
- Hyper-V role installed on Windows Server 2012 R2.
- At least one physical network adapter (two recommended — one dedicated for VM traffic, one for host management).
- Understanding of your network topology: VLANs, subnets, and which adapters should carry VM traffic.
- Administrator account.
Understanding the Three Virtual Switch Types
External — Connected to a physical NIC. VMs can communicate with the physical network, other VMs, and the Hyper-V host. This is the type you use for production workloads that need network access.
Internal — Not connected to a physical NIC. VMs can communicate with each other and with the Hyper-V host, but not with the physical network. Useful for test environments and NAT scenarios.
Private — VMs can only communicate with other VMs on the same private switch. The host cannot communicate with these VMs via this switch. Used for completely isolated test environments.
Step 1: Create an External Virtual Switch
# Import the Hyper-V module
Import-Module Hyper-V
# List available physical adapters for the switch uplink
Get-NetAdapter | Select-Object Name, InterfaceDescription, Status, LinkSpeed
# Create an external virtual switch on a dedicated adapter
# AllowManagementOS:$true = the Hyper-V host also uses this switch for network access
New-VMSwitch `
-Name "External-Production" `
-NetAdapterName "Ethernet 2" `
-AllowManagementOS $true `
-Notes "Production VM external network switch"
# Create an external switch with management OS disabled (VMs only, no host access)
# Use this when the host has a dedicated management NIC (Ethernet 1) and Ethernet 2 is for VMs only
New-VMSwitch `
-Name "External-VMOnly" `
-NetAdapterName "Ethernet 3" `
-AllowManagementOS $false
# Verify the switch was created
Get-VMSwitch | Select-Object Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOSStep 2: Create Internal and Private Switches
# Create an internal virtual switch (host and VMs can communicate)
New-VMSwitch `
-Name "Internal-TestLab" `
-SwitchType Internal `
-Notes "Isolated test lab network"
# Create a private virtual switch (VMs only, host cannot communicate)
New-VMSwitch `
-Name "Private-Isolated" `
-SwitchType Private `
-Notes "Completely isolated VM network"
# List all virtual switches
Get-VMSwitch | Select-Object Name, SwitchType, Notes | Format-TableStep 3: Configure NIC Teaming for Switch Uplinks
NIC teaming provides bandwidth aggregation and redundancy for virtual switch uplinks. If one physical NIC fails, VMs continue to have network access through the remaining team member.
# Create a NIC team for Hyper-V switch uplinks
# Note: Do this BEFORE creating the Hyper-V switch on the team
New-NetLbfoTeam `
-Name "VM-Team" `
-TeamMembers "Ethernet 2","Ethernet 3" `
-TeamingMode SwitchIndependent `
-LoadBalancingAlgorithm Dynamic
# Wait for the team to form
Start-Sleep -Seconds 10
Get-NetLbfoTeam -Name "VM-Team"
# Create the external virtual switch on the team adapter
New-VMSwitch `
-Name "External-Teamed" `
-NetAdapterName "VM-Team" `
-AllowManagementOS $true
# Verify the switch is using the team
Get-VMSwitch -Name "External-Teamed" |
Select-Object Name, NetAdapterInterfaceDescriptionStep 4: Configure VLANs on Virtual Switch Ports
VLAN tagging allows a single physical switch port (and corresponding Hyper-V virtual switch) to carry multiple isolated networks. Each VM NIC can be placed on a specific VLAN.
# Assign a VLAN to a specific VM's network adapter
# First, identify the VM and its NIC
Get-VMNetworkAdapter -VMName "WebServer01" | Select-Object Name, SwitchName
# Set VLAN 100 on the VM's network adapter (Access mode)
Set-VMNetworkAdapterVlan `
-VMName "WebServer01" `
-VMNetworkAdapterName "Network Adapter" `
-Access `
-VlanId 100
# Set VLAN 200 on a second VM
Set-VMNetworkAdapterVlan `
-VMName "DBServer01" `
-VMNetworkAdapterName "Network Adapter" `
-Access `
-VlanId 200
# Configure the management OS VLAN (for the host's vNIC on the switch)
Set-VMNetworkAdapterVlan `
-ManagementOS `
-VMNetworkAdapterName "External-Production" `
-Access `
-VlanId 10
# Verify VLAN assignments
Get-VMNetworkAdapterVlan -VMName "WebServer01"
Get-VMNetworkAdapterVlan -ManagementOSStep 5: Configure Bandwidth Management
Bandwidth management prevents a single VM from monopolising switch bandwidth at the expense of others. This is particularly important on shared NIC configurations.
# Enable bandwidth management on the virtual switch
Set-VMSwitch -Name "External-Production" -DefaultFlowMinimumBandwidthAbsolute 0
# Set minimum bandwidth for a specific VM NIC (1 Gbps minimum, 2 Gbps maximum)
Set-VMNetworkAdapter `
-VMName "WebServer01" `
-MinimumBandwidthAbsolute 1000000000 `
-MaximumBandwidth 2000000000
# Or use weight-based bandwidth (relative allocation)
# First set switch to weight mode
Set-VMSwitch -Name "External-Production" -DefaultFlowMinimumBandwidthWeight 1
Set-VMNetworkAdapter `
-VMName "DBServer01" `
-MinimumBandwidthWeight 50 # Gets 50x weight relative to others
# Check bandwidth settings
Get-VMNetworkAdapter -VMName "WebServer01" |
Select-Object VMName, MinimumBandwidthAbsolute, MaximumBandwidthStep 6: Configure MAC Address Management
# View the MAC address pool used for dynamic assignment
Get-VMHost | Select-Object MacAddressMinimum, MacAddressMaximum
# Change the MAC address pool (ensure it doesn't conflict with physical MAC ranges)
Set-VMHost -MacAddressMinimum "00155D010000" -MacAddressMaximum "00155D01FFFF"
# Assign a static MAC address to a VM NIC (for network policies, DHCP reservations, etc.)
Set-VMNetworkAdapter `
-VMName "WebServer01" `
-StaticMacAddress "00155D010001"
# View all VM NICs and their MAC addresses
Get-VMNetworkAdapter -All |
Select-Object VMName, MacAddress, SwitchName | Sort-Object VMNameStep 7: Verify and Troubleshoot Virtual Switch Connectivity
# List all virtual switches and their properties
Get-VMSwitch | Format-List Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS
# List all VM network adapters and their switch connections
Get-VMNetworkAdapter -All |
Select-Object VMName, Name, SwitchName, MacAddress, Status
# Test VM network connectivity (from inside the VM or via PowerShell remoting)
Invoke-Command -VMName "WebServer01" -Credential (Get-Credential) -ScriptBlock {
Test-NetConnection -ComputerName "192.168.1.1" -Port 80
}
# Check if the management OS vNIC has correct IP
Get-NetIPAddress | Where-Object { $_.InterfaceAlias -like "*vEthernet*" }
# View virtual switch extension status
Get-VMSwitchExtension -VMSwitchName "External-Production" |
Select-Object Name, Enabled, RunningSummary
Virtual switch configuration in Hyper-V on Windows Server 2012 R2 determines how all VMs communicate with each other and the outside world. The key design decisions are: use External switches for production VMs that need physical network access, use NIC teaming for the switch uplink on production hosts to eliminate single points of failure, configure VLANs to isolate different VM tiers (web, app, database) on the same physical switch infrastructure, and enable bandwidth management on hosts where storage or network-intensive VMs might starve other workloads. Always keep the Hyper-V host’s management network on a separate NIC (not shared with VM traffic) in production environments to prevent a misconfigured VM switch from cutting off host management access.
