When I was configuring a Gateway Server for SCMDM I ran into a little snag. The Gateway Server needs to have two network interfaces connected to different subnets. But my Gateway was installed on a virtual server where the physical server only has one NIC. So how do you go about solving this? Short answer: VLAN tagging. Long answer: here’s how:
The first thing to do is configure your switch. (This assumes you have a managed switch.) I’ve configured 3 subnets on my switch – LAN, WAN & DMZ. Here’s the configuration for the port the physical server is connected to:
![]()
Obviously the details depend on your brand of switch. Mine is a 3Com Baseline 2924-SFP Plus. I assign the port an untagged membership to the DMZ subnet and a tagged membership to the WAN. The untagged membership is the subnet you will be assigned to by default, as long as you don’t specify otherwise. On the 3Com a single port can only have 1 untagged membership. The tagged memberships are the options available for connecting to other subnets, and you may have multiple items configured here. So with this in mind I thought that running Hyper-V as the virtualization platform I might be able to exploit this functionality. (Virtual Server/Virtual PC does not support this. I don’t know the details for VMware.)
This is what my network configuration for Hyper-V looks like:
![]()
The settings for my Gateway Server – interface one. Notice that I don’t assign a VLAN tag here, which means this interface will use the default; AKA DMZ.
![]()
The second interface – notice how this has a VLAN ID enabled, in this case resolving to the WAN.
![]()
After logging on to the Gateway Server, your “Network Connections” panel will look like this:
![]()
A few clarifications are in order:
- Do not enable the VLAN ID on the interface that will be connected to the untagged membership subnet. My switch handles this as an error in logic, and it will not work.
- I have not enabled VLAN for the parent partition as the physical interface only cares about its untagged membership and it’s not required for the virtual ones to operate as designed.
- Read the manual for your switch if you’re not comfortable with VLANs so you don’t end up in a situation where you mess up your different subnets until you can’t get any connectivity at all.
- This is only intended for scenarios with different virtual interfaces mapping to different subnets. It is not necessary for setting up multiple virtual interfaces connected to the same subnet.
- It may or may not be acceptable security-wise to “bundle” subnets in this manner. You lose a layer of separation doing this.
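
The tagged/untagged behaviour behind the first and last clarifications, modelled as an added example that is not part of the original post: a simplified 802.1Q switch port and Hyper-V virtual switch in Python. The VLAN IDs 10/20/30 and all class and function names are constructed for illustration, and the model assumes standard 802.1Q handling rather than the 3Com's actual firmware logic.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed VLAN IDs; the post names the subnets but not their IDs.
DMZ, WAN, LAN = 10, 20, 30

@dataclass
class SwitchPort:
    """Physical port: one untagged VLAN plus any number of tagged memberships."""
    untagged: int
    tagged: frozenset = frozenset()

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """VLAN a frame from the host is placed in; None means dropped."""
        if tag is None:
            return self.untagged
        return tag if tag == self.untagged or tag in self.tagged else None

    def egress(self, vlan: int):
        """(delivered, tag on the wire) for a frame sent toward the host."""
        if vlan == self.untagged:
            return True, None          # leaves the port without a tag
        return (True, vlan) if vlan in self.tagged else (False, None)

@dataclass
class VNic:
    name: str
    vlan_id: Optional[int] = None      # None = VLAN identification not enabled

def round_trip(port: SwitchPort, nic: VNic, subnet: int) -> bool:
    """True if nic can both send to and receive from subnet via port."""
    if port.ingress(nic.vlan_id) != subnet:
        return False
    delivered, tag = port.egress(subnet)
    # The virtual switch hands a frame to a vNIC only if the tag matches its setting.
    return delivered and tag == nic.vlan_id

def reachable(port: SwitchPort, nics) -> set:
    """Subnets a single guest spans through the shared physical NIC."""
    return {v for n in nics for v in (DMZ, WAN, LAN) if round_trip(port, n, v)}

if __name__ == "__main__":
    port = SwitchPort(untagged=DMZ, tagged=frozenset({WAN}))
    gateway = [VNic("interface one"), VNic("interface two", WAN)]
    print(reachable(port, gateway))
    print(round_trip(port, VNic("mis-tagged", DMZ), DMZ))
```

In this model the mis-tagged interface fails because replies for the untagged subnet leave the switch port without a tag and never match the vNIC's VLAN ID. `reachable` lists every subnet the one guest touches, which is the separation you give up by bundling.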
SCMDM does not support virtualization for production environments yet, but at any rate I find it to be a neat little trick for your lab/demo purposes. (Or for other products that do support virtualization and do not generate a heavy load on the network interfaces.)