Set Hyper-V network switch into Promiscuous Mode

In this post I describe how to configure a Hyper-V virtual network switch for promiscuous mode. This mode allows you to monitor external traffic, which is needed, for example, for Microsoft Defender for IoT.

Assuming you have already created a dedicated virtual network switch, you have to complete these four steps.

  • Turn off Allow management operating system to share this network adapter
  • Turn off Enable virtual machine queue
  • Set port mirroring mode to Destination
  • Configure the Ethernet Switch Port Security Settings

My setup:

  • Hyper-V Host – HOME-NUC01
  • Virtual Network Switch – Span4IoT
  • Virtual Machine – MD4IOT

Step #01: Turn off Allow management operating system to share this network adapter

  1. Open Hyper-V Manager > Select Action > Virtual Switch Manager > (your NIC) > External Network
  2. Clear the option Allow management operating system to share this network adapter

Step #02: Turn off Enable virtual machine queue

  1. Open Hyper-V Manager > (your VM) > Settings > (your NIC) > Hardware Acceleration
  2. Clear the option Enable virtual machine queue

Step #03: Set port mirroring mode to Destination

  1. Open Hyper-V Manager > (your VM) > Settings > (your NIC) > Advanced Features
  2. Port mirroring > Mirroring mode > Destination

Step #04: Configure the Ethernet Switch Port Security Settings

Run the following PowerShell cmdlets on the Hyper-V host (not in the virtual machine):

# Show the current virtual switch settings
Get-VMSwitch | Format-Table Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS

# Configure the corresponding switch for monitoring
$VMSwitch = "Span4IoT"
$portFeature = Get-VMSystemSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings"
# MonitorMode: 0 = None, 1 = Destination, 2 = Source
$portFeature.SettingData.MonitorMode = 2
# Apply the feature to the external port of the switch
Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $VMSwitch -VMSwitchExtensionFeature $portFeature
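
To confirm that all four steps took effect, the following read-only check can be run on the Hyper-V host. It is an added example, not part of the original post; it assumes the switch and VM names from "My setup" and that the VM's network adapter is attached to that switch. It also lists every adapter on the host that takes part in port mirroring, so an unexpected mirror destination is easy to spot.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the four settings from this post. Read-only, changes nothing.
# Names are taken from "My setup"; adjust them for your environment (assumption).
$SwitchName = 'Span4IoT'
$VMName     = 'MD4IOT'
$Feature    = 'Ethernet Switch Port Security Settings'

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check($Step, $Setting, $Expected, $Actual) {
    # Compare as strings so booleans, enums and integers are handled alike
    $results.Add([pscustomobject]@{
        Step = $Step; Setting = $Setting; Expected = "$Expected"
        Actual = "$Actual"; Ok = ("$Actual" -eq "$Expected")
    })
}

# Step 1: the management OS must not share the monitoring adapter
$sw = Get-VMSwitch -Name $SwitchName -ErrorAction Stop
Add-Check 1 'AllowManagementOS' $false $sw.AllowManagementOS

# Steps 2 and 3: VMQ off (weight 0) and mirroring mode Destination on the VM NIC
$nics = @(Get-VMNetworkAdapter -VMName $VMName -ErrorAction Stop |
    Where-Object SwitchName -eq $SwitchName)
if ($nics.Count -eq 0) {
    Add-Check 2 "NIC of $VMName on $SwitchName" 'present' 'missing'
}
foreach ($nic in $nics) {
    Add-Check 2 "VmqWeight ($($nic.Name))" 0 $nic.VmqWeight
    Add-Check 3 "PortMirroringMode ($($nic.Name))" 'Destination' $nic.PortMirroringMode
}

# Step 4: the external port must carry MonitorMode 2 (Source)
$pf = Get-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName `
    -FeatureName $Feature | Select-Object -First 1
$mode = if ($pf) { $pf.SettingData.MonitorMode } else { 'not set' }
Add-Check 4 'External port MonitorMode' 2 $mode

$results | Format-Table -AutoSize

# Every VM adapter on this host that sends or receives mirrored traffic
Get-VM | Get-VMNetworkAdapter |
    Where-Object { "$($_.PortMirroringMode)" -ne 'None' } |
    Format-Table VMName, Name, SwitchName, PortMirroringMode -AutoSize
```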

2 thoughts on “Set Hyper-V network switch into Promiscuous Mode”

  1. John B January 1, 2022 / 1:50 pm

    In step 4, is this done after you start the VM and you run PowerShell on the VM itself or is step 4 done on the machine that hosts the Hyper-V and then run PowerShell and then start the VM? I’m trying to set this up to run IoT on my Hyper-V but it’s not working. Thanks and let me know!

    • Herr HoZi January 1, 2022 / 2:32 pm

      Hi John,
      you have to run the PoSH script (as Administrator) on the Hyper-V host, not in the VM.
      After this step I set up the MS Defender for IoT Sensor. After the installation, you should see at least 800 pps within the sensor interface; in my case I see 1677 pps.
