Share via

Hyper-V, External Virtual Switch, managing of MAC addresses

Pejchinoski Dejan 0 Reputation points
2026-03-02T13:15:05.17+00:00

I have installed a Ubuntu VM in Hyper -V. The VM is configured with an External Network Switch, to which an Ethernet cable is connected, with the peer being another PC running Windows. Communication between the two machines is possible.

If I however change the MAC address of the external network interface in Ubuntu from say 00:15:5d:0e:b8:18 to 00:15:5d:0e:b8:19 (ip link set dev __ address __), the packets don't pass, and communication can't be established.

  1. Why is this the case ?
  2. Does the MAC address has to be kept fixed to the value as originally configured on bootup ?
  3. How is changing the MAC address to the interface handled internally by Hyper-V Virtual Switch?
  4. How to allow packets to pass this network interface, regardless of the configured MAC address ?

Question 4 is the most important here for me, as the final use case is a bit different than the testing setup described above, namely:

The peer Windows PC runs only the TwinCAT software. I want to substitute this with a Windows VM inside Hyper-V, so that the two VMs can communicate to each other (... with private switch in this scenario). The exact same setup runs when using VMs with VirtualBox, but fails in Hyper-V. The only difference that I noticed is the one described above, hence the question.

Note: Running TwinCAT in "Run mode" on my host PC does not work, due to it clashing with Hyper-V components.

System Center Virtual Machine Manager
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pejchinoski Dejan 0 Reputation points
    2026-03-03T07:09:44.5+00:00

    Although as the original question was phrased, it pointed out that "MAC spoofing" was the Network Adapter feature that'll solve the issue. This wasn't the case, nor did the following two options help:

    • Virtual machine queue (disabling it)
    • Protected network (disabling it)

    At this point, I'm not sure whether the problem lies on the Hyper-V side, or on the TwinCAT side. Nonetheless, a suggestion (even if the problem may be on the TwinCAT side) would be appreciated.

    0 comments
  2. Q&A Assist
    2026-03-02T13:15:30.93+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more
    1. Reason packets stop when changing the MAC inside Ubuntu

    Hyper-V virtual switches enforce that a VM’s virtual network adapter only sends traffic with the MAC address that Hyper-V has assigned to that adapter. When the guest OS changes the NIC’s MAC to something else, the Hyper-V virtual switch drops those frames instead of forwarding them. This is part of the security and isolation behavior of the Hyper-V Virtual Switch and its extensible switch model.

    The VM network adapter is exposed by Hyper-V to the guest, and the Hyper-V extensible switch connects that adapter to the switch port. The switch expects traffic from the MAC it has configured for that adapter; spoofed or changed MACs are treated as invalid and are not forwarded.

    1. Does the MAC have to stay fixed?

    By default, yes. Hyper-V assigns a MAC address (static or dynamic) to each virtual network adapter, and that is the MAC the switch will accept and forward for that adapter. Changing the MAC inside the guest without corresponding configuration on the Hyper-V side causes the behavior observed (traffic dropped).

    Hyper-V supports static and dynamic MAC addresses on virtual network adapters, but the configured MAC is managed on the host side, not arbitrarily from inside the guest.

    1. How Hyper-V handles MAC changes internally

    Internally, the Hyper-V VM network adapter is a virtual NIC that is connected to an extensible switch port. The VM network adapter:

    • Is created and exposed to the guest when the child partition starts.
    • Is associated with a specific MAC address configured in Hyper-V.
    • Forwards packets to and from the extensible switch over VMBus.

    The Hyper-V extensible switch enforces policy on that port, including MAC address and security/isolation rules. When the guest changes the MAC address at the OS level, Hyper-V does not automatically update the VM network adapter’s configured MAC; instead, the switch continues to treat the original MAC as valid and drops traffic that appears to be from a different MAC.

    1. How to allow packets regardless of the configured MAC address

    To allow traffic when the guest needs to use a specific or changing MAC address, configure the MAC behavior on the Hyper-V side rather than only inside the guest:

    • Assign a static MAC address to the VM’s virtual network adapter in Hyper-V that matches the MAC required by the application or protocol.
    • Ensure the guest uses that same MAC (or does not override it).

    Hyper-V virtual network adapters support:

    • Static or dynamic MAC addresses.
    • MAC address spoofing (for scenarios such as network testing or security analysis).

    For scenarios where the guest must send traffic with a different MAC than the one normally assigned (for example, protocols that use virtual MACs or multiple MACs), enable MAC address spoofing on the virtual network adapter in Hyper-V. This allows the VM to send traffic with other source MAC addresses and have it forwarded by the virtual switch.

    In the described TwinCAT scenario where one VM needs to behave like a specific device with a particular MAC, configure the VM’s virtual network adapter with a static MAC in Hyper-V that matches what TwinCAT expects, and enable MAC address spoofing if TwinCAT or the guest OS needs to manipulate MAC addresses beyond that single value.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.