Explanation/Reference:
Explanation:
MAC spoofing
The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another network device.
A user may wish to legitimately spoof the MAC address of a previous hardware device in order to reacquire connectivity after hardware failure.
If a malicious VM starts sending out packets with a MAC address owned by another machine, it causes the switch to re-learn. This in turn can cause DoS (Denial of Service) attacks, and the potential for the malicious virtual machine to see packets which weren't destined for it. Hence, in our security recommendations, we state that as a security best practice, you should consider (in Hyper-V v1 at least) placing virtual machines of similar security integrity level on the same virtual switch and not share the switch with virtual machines of a different security integrity level.
In Windows Server 2008 R2, we introduced several changes in the switch to make it smarter. Each virtual switch port has a new property (exposed in our VMI model as AllowMacSpoofing), which is off by default.
We also expose this property in the settings page for a virtual machine. Note that to see this setting, you must be using the UI from Windows Server 2008 R2 or RSAT in Windows 7 Client.

References: http://blogs.technet.com/b/jhoward/archive/2009/05/21/new-in-hyper-v-windows-server-2008- r2-part-2-macspoofing.aspx