Forum Discussion
Issue with Hyper-V VM on Tagged VLAN – Traffic Reaches Local Hosts but Not External Networks
Would suggest trying the below:
1. Confirm host vSwitch and adapters
o List vSwitches:
Get-VMSwitch
o Check host VLAN on the vSwitch adapter: the host vNIC bound to the external vSwitch should show no VLAN ID.
Get-VMNetworkAdapterVlan -ManagementOS
2. Validate VM adapter state
o Show VLAN mode:
Get-VMNetworkAdapterVlan -VMName "testvlan"
o Expect Trunk, AllowedVlanIdList = 4, NativeVlanId = 2.
3. Packet capture on host uplink
o Use a lightweight capture (e.g., Wireshark) on the physical NIC bound to the external vSwitch.
o Expected outbound frames to external targets carry 802.1Q tag 4 when the VM is on VLAN 4; replies should also arrive with tag 4.
o If tags are missing outbound: host/driver offload or vSwitch config is stripping tags.
o If tags arrive but no replies: upstream switch isn’t forwarding VLAN 4 or has ACLs/VRFs blocking.
4. Switch-side verification
o Show interface trunk status: confirm VLAN 4 is permitted and not pruned.
o Native/PVID: if you set NativeVlanId 2, ensure the switch port’s native/PVID is 2; consider removing native VLAN usage and operate all VM traffic as tagged to simplify.
5. Eliminate guest NIC VLAN conflicts
o If the guest OS NIC driver has VLAN features enabled, choose one of these patterns:
   - Hyper-V tags, guest untagged: VM NIC untagged, Hyper-V vNIC trunk adds/removes tags based on port setting.
   - Guest tags, Hyper-V pass-through: set the VM's Hyper-V vNIC to trunk but do not set a native VLAN; let the guest NIC tag VLAN 4.
o Avoid double configuration that leads to double tag or unexpected untagged frames.
6. Test without NativeVlanId
o Temporarily remove the native VLAN to reduce ambiguity:
Set-VMNetworkAdapterVlan -VMName "testvlan" -Trunk -AllowedVlanIdList 4
o Ensure the switch port has no native VLAN expectations for this traffic.
7. Driver/offload sanity check
o Temporarily disable VLAN offload features on the physical NIC. Some drivers mishandle 802.1Q with certain offloads enabled.
o Update NIC drivers/firmware; known issues can present exactly as "works intra-host, breaks off-host."
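The host-side checks from steps 1, 2 and 7 above, collected into one read-only PowerShell script. This is an added example, not code from the reply or from Microsoft; it assumes the VM name "testvlan" from the thread, and the expected values (trunk, allowed VLAN 4, native VLAN 2) are taken from step 2. It only reports, it changes nothing.

```powershell
# Added example: consolidate the host-side checks for a Hyper-V VM on a tagged VLAN.
# Assumptions: VM is named "testvlan" (from the thread); expected values are those
# the reply lists in step 2. Run in an elevated PowerShell on the Hyper-V host.
$VMName          = "testvlan"
$ExpectedNative  = 2
$ExpectedAllowed = 4

# Step 2: VM adapter VLAN state. Expect Trunk, AllowedVlanIdList containing 4, NativeVlanId 2.
$vmVlan     = Get-VMNetworkAdapterVlan -VMName $VMName
$allowedIds = @($vmVlan.AllowedVlanIdList | ForEach-Object { "$_" })
$vmOk = ($vmVlan.OperationMode -eq 'Trunk') -and
        ($vmVlan.NativeVlanId -eq $ExpectedNative) -and
        ($allowedIds -contains "$ExpectedAllowed")

# Step 1: find the external vSwitch the VM adapter is connected to and its physical uplink.
$vmAdapter = Get-VMNetworkAdapter -VMName $VMName | Select-Object -First 1
$switch    = Get-VMSwitch -Name $vmAdapter.SwitchName
$uplink    = Get-NetAdapter | Where-Object InterfaceDescription -eq $switch.NetAdapterInterfaceDescription

# Step 1: the management-OS vNIC on that switch should carry no VLAN ID (Untagged).
$hostVlan = Get-VMNetworkAdapter -ManagementOS |
            Where-Object SwitchName -eq $switch.Name |
            Get-VMNetworkAdapterVlan
$hostOk = -not ($hostVlan | Where-Object OperationMode -ne 'Untagged')

# Step 7: NDIS "*PriorityVLANTag" keyword on the physical NIC.
# 0 = disabled, 1 = priority only, 2 = VLAN only, 3 = priority and VLAN (driver-specific
# display names vary, the registry keyword is the standardized one).
$offload = $null
if ($uplink) {
    $offload = Get-NetAdapterAdvancedProperty -Name $uplink.Name -RegistryKeyword '*PriorityVLANTag' -ErrorAction SilentlyContinue
}

# Report one object per check so the output can be compared before/after a change.
[PSCustomObject]@{
    VM                  = $VMName
    Switch              = $switch.Name
    SwitchType          = $switch.SwitchType
    Uplink              = $uplink.Name
    VMOperationMode     = $vmVlan.OperationMode
    VMNativeVlanId      = $vmVlan.NativeVlanId
    VMAllowedVlanIdList = ($allowedIds -join ',')
    VMAdapterAsExpected = $vmOk
    HostVnicUntagged    = $hostOk
    UplinkPriorityVLANTag = if ($offload) { $offload.RegistryValue -join ',' } else { 'n/a' }
}

# What to look for:
#  - VMAdapterAsExpected $false  -> fix the vNIC with Set-VMNetworkAdapterVlan (step 2 / step 6).
#  - HostVnicUntagged    $false  -> the management vNIC has a VLAN ID and will collide with VM tags (step 1).
#  - UplinkPriorityVLANTag 0/1   -> VLAN tag handling is disabled on the NIC; outbound tags may be stripped (step 7).
```

If the VM adapter and host vNIC both look right here but frames still fail to reach external hosts, the next stop is the capture on the uplink (step 3) and the switch trunk configuration (step 4), which this script cannot see.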