Configuring Virtual Networks with Azure CLI
Introduction
Azure Virtual Networks (VNets) are crucial for establishing a secure and private communication channel within Azure's cloud infrastructure. Using the az network vnet create command, you can create VNets that allow Azure resources like virtual machines (VMs) to communicate with each other, the internet, and on-premises networks. This command is essential for setting up your cloud architecture, enabling you to segment your network into manageable subnets and apply Network Security Groups (NSGs) to control traffic.
Whether you're building a secure application environment, connecting on-premises systems to the cloud, or setting up hybrid solutions, mastering Azure VNets through the CLI is indispensable. This tutorial will guide you through the entire process of configuring VNets, creating subnets, and managing NSGs, helping you understand the underlying concepts and practical applications.
Prerequisites
Before diving into the configuration, ensure you have the following:
- Azure CLI: Install the Azure CLI on your local machine. You can download it from here.
- Azure Subscription: You need an active Azure subscription. If you don't have one, you can create a free account here.
- Permissions: Ensure you have the necessary permissions to create VNets and NSGs in your Azure subscription.
- Authentication: Log in to your Azure account using the command:
az login
Fundamental Concepts
- Virtual Network (VNet): A logical representation of your private network within the Azure cloud. VNets enable Azure resources to communicate securely.
- Subnet: A segment of a VNet that allows you to partition your network into smaller, manageable sections. Each subnet can have its own address range.
- Network Security Group (NSG): A set of rules that allows or denies network traffic to and from Azure resources. NSGs can be associated with subnets or individual network interfaces.
Understanding these concepts is crucial for effective network management in Azure.
Command Syntax
The basic syntax for creating a virtual network is as follows:
az network vnet create --name <VNetName> --resource-group <ResourceGroupName> [--address-prefix <AddressPrefix>] [--subnet-name <SubnetName>] [--subnet-prefix <SubnetPrefix>] [other parameters]
| Parameter | Description |
|---|---|
| --name or -n | The name of the virtual network (VNet). |
| --resource-group or -g | The name of the resource group in which to create the VNet. |
| --address-prefix | Address space for the VNet in CIDR format (e.g., 10.0.0.0/16). |
| --subnet-name | Name of the new subnet to create within the VNet. |
| --subnet-prefix | Address prefix for the new subnet in CIDR format (e.g., 10.0.0.0/24). |
| --location or -l | Azure region where the VNet will be created. |
| --tags | Space-separated tags in the format key[=value]. |
Practical Examples
1. Create a Basic Virtual Network
az network vnet create --name MyVNet --resource-group MyResourceGroup --address-prefix 10.0.0.0/16
Creates a VNet named "MyVNet" with an address prefix of 10.0.0.0/16.
2. Create a VNet with a Subnet
az network vnet create --name MyVNet --resource-group MyResourceGroup --address-prefix 10.0.0.0/16 --subnet-name MySubnet --subnet-prefix 10.0.0.0/24
Creates a VNet named "MyVNet" with a subnet "MySubnet" that has an address prefix of 10.0.0.0/24.
3. View the Created VNet
az network vnet show --name MyVNet --resource-group MyResourceGroup
Displays the properties of the VNet "MyVNet".
4. List All VNets in a Resource Group
az network vnet list --resource-group MyResourceGroup --output table
Lists all VNets in the specified resource group in a table format.
5. Create a VNet with Multiple Subnets
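az network vnet create --name MyVNet --resource-group MyResourceGroup --address-prefix 10.0.0.0/16 --subnet-name Subnet1 --subnet-prefix 10.0.0.0/24
az network vnet subnet create --name Subnet2 --vnet-name MyVNet --resource-group MyResourceGroup --address-prefixes 10.0.1.0/24
Creates a VNet with "Subnet1", then adds "Subnet2" with az network vnet subnet create. az network vnet create takes a single --subnet-name/--subnet-prefix pair, so repeating those flags in one command does not create a second subnet.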
6. Create a VNet with a Network Security Group
az network vnet create --name MyVNet --resource-group MyResourceGroup --address-prefix 10.0.0.0/16 --subnet-name MySubnet --subnet-prefix 10.0.0.0/24 --network-security-group MyNSG
Creates a VNet and associates its subnet "MySubnet" with an existing Network Security Group (NSG) "MyNSG".
7. Update an Existing VNet
az network vnet update --name MyVNet --resource-group MyResourceGroup --tags Environment=Production
Updates the tags for "MyVNet" to include an "Environment" tag set to "Production".
8. Delete a VNet
az network vnet delete --name MyVNet --resource-group MyResourceGroup
Deletes the specified VNet.
Real-World Use Cases
Scenario 1: Secure Application Deployment
In an enterprise environment, you can create a VNet to host multiple applications, each in its own subnet. By using NSGs, you can control access between these applications and limit internet exposure.
Scenario 2: Hybrid Cloud Solutions
Businesses often need to connect their on-premises data centers to the cloud. By setting up a VNet with a VPN Gateway, organizations can securely extend their networks to the Azure cloud, allowing for seamless data transfer and application integration.
Scenario 3: Multi-Tier Architecture
For applications requiring high availability and security, you can design a multi-tier architecture. Each tier (e.g., web, application, and database) can reside in separate subnets, with NSGs regulating traffic flow between them, ensuring that sensitive data is protected.
Best Practices
- Use Address Spaces Wisely: Plan your address spaces to avoid overlaps with other VNets or on-premises networks.
- Implement NSGs: Always apply NSGs to subnets and individual network interfaces to enhance security.
- Monitor Network Traffic: Enable NSG flow logs to capture and analyze traffic patterns.
- Optimize Subnet Sizes: Choose subnet sizes based on your anticipated needs, avoiding overly large or small allocations.
- Regularly Review Security Rules: Audit your NSGs and other security settings to ensure they meet your organization's security policies.
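One way to carry out the rule review recommended above, as an added example that is not part of the original tutorial: it reads NSG rules exported as tab-separated text and flags inbound Allow rules that admit any source to a sensitive port. The function names, the SENSITIVE_PORTS variable and the sample rules are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; audit_nsg_rules and sample_rules are hypothetical helper names.
# Input: one rule per line, tab-separated, as produced by
#   az network nsg rule list -g MyResourceGroup --nsg-name MyNSG -o tsv --query \
#     "[].[name,priority,direction,access,sourceAddressPrefix,destinationPortRange]"
# Rules that use the plural fields (sourceAddressPrefixes, destinationPortRanges)
# are not covered by this query. A higher-priority Deny that shadows a flagged
# rule is not modelled either.

# Print "name<TAB>port-spec" for each inbound Allow rule that admits any source
# (*, Internet, 0.0.0.0/0) to a sensitive port. Port specs may be N, N-M or *.
audit_nsg_rules() {
  awk -F '\t' -v ports="${SENSITIVE_PORTS:-22 3389}" '
    function covers(spec, port,    r) {
      if (spec == "*") return 1
      if (split(spec, r, "-") == 2) return (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
      return (spec + 0 == port + 0)
    }
    BEGIN { n = split(ports, want, " ") }
    $3 == "Inbound" && $4 == "Allow" && ($5 == "*" || $5 == "Internet" || $5 == "0.0.0.0/0") {
      for (i = 1; i <= n; i++)
        if (covers($6, want[i])) { print $1 "\t" $6; break }
    }'
}

# Constructed sample input (not from a real subscription).
sample_rules() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    allow-ssh-any    100  Inbound Allow '*'            22 \
    allow-web        110  Inbound Allow Internet       443 \
    allow-rdp-corp   120  Inbound Allow 203.0.113.0/24 3389 \
    allow-mgmt-range 130  Inbound Allow Internet       3000-4000 \
    deny-all-inbound 4000 Inbound Deny  '*'            '*'
}

sample_rules | audit_nsg_rules
```

On the sample it reports allow-ssh-any and allow-mgmt-range; the range rule is flagged because 3000-4000 includes 3389.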
Common Errors
Error 1: Resource Group Not Found
Resource group 'MyResourceGroup' not found.
Solution: Ensure the specified resource group exists. Create it using az group create if necessary.
Error 2: Address Prefix Overlap
Address prefix '10.0.0.0/16' overlaps with existing address space.
Solution: Choose a different address prefix that does not overlap with existing VNets.
Error 3: Invalid Subnet Prefix
Invalid subnet prefix format.
Solution: Ensure the subnet prefix follows CIDR notation (e.g., 10.0.0.0/24).
Error 4: NSG Not Found
Network security group 'MyNSG' not found.
Solution: Ensure the NSG exists in the specified resource group before associating it with the VNet.
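Errors 2 and 3 can be caught before any resource is created. The following added example (not from the original tutorial) checks in plain POSIX sh that each prefix is valid CIDR, that the subnet lies inside the VNet address space, and that the VNet does not overlap ranges already in use; all function names and the sample prefixes are assumptions.

```sh
# Added example; every function name below is a hypothetical helper.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
  case $1 in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
  echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Print "first last" as integers for a CIDR block. Rejects bad syntax and
# prefixes with host bits set (10.0.0.5/24 names a host, not a network).
cidr_range() (
  case $1 in */*) len=${1#*/} ;; *) exit 1 ;; esac
  case $len in [0-9]|[12][0-9]|3[0-2]) ;; *) exit 1 ;; esac
  base=$(ip_to_int "${1%/*}") || exit 1
  size=$(( 1 << (32 - $len) ))
  [ $(( $base % $size )) -eq 0 ] || exit 1
  echo "$base $(( $base + $size - 1 ))"
)

# Succeed when two CIDR blocks share at least one address (2 = bad input).
cidr_overlaps() (
  a=$(cidr_range "$1") && b=$(cidr_range "$2") || exit 2
  [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
)

# Succeed when the second block lies entirely inside the first.
cidr_contains() (
  a=$(cidr_range "$1") && b=$(cidr_range "$2") || exit 2
  [ "${a% *}" -le "${b% *}" ] && [ "${b#* }" -le "${a#* }" ]
)

# usage: preflight <vnet-prefix> <subnet-prefix> [in-use-prefix ...]
preflight() (
  vnet=$1 subnet=$2 rc=0; shift 2
  cidr_range "$vnet" >/dev/null || { echo "invalid VNet prefix: $vnet"; exit 1; }
  cidr_range "$subnet" >/dev/null || { echo "invalid subnet prefix: $subnet"; exit 1; }
  cidr_contains "$vnet" "$subnet" || { echo "subnet $subnet is outside $vnet"; rc=1; }
  for p in "$@"; do
    if cidr_overlaps "$vnet" "$p"; then echo "$vnet overlaps in-use $p"; rc=1; fi
  done
  exit $rc
)

preflight 10.0.0.0/16 10.1.0.0/24 10.0.128.0/17 || echo "plan rejected (constructed input)"
```

Pass the address spaces of existing VNets and on-premises networks as the trailing arguments; a zero exit status means the plan is safe to hand to az network vnet create.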
Related Commands
| Command | Description |
|---|---|
| az network vnet subnet create | Create a subnet within a VNet. |
| az network nsg create | Create a new Network Security Group. |
| az network vnet peering create | Create a peering connection between VNets. |
| az network vnet list | List all VNets in a resource group. |
Automation Script
Here’s a bash script to automate the creation of a VNet with a subnet and an NSG:
#!/bin/bash
# Stop on the first failed command, unset variable, or pipeline error
set -euo pipefail
# Variables
RESOURCE_GROUP="MyResourceGroup"
LOCATION="eastus"
VNET_NAME="MyVNet"
SUBNET_NAME="MySubnet"
ADDRESS_PREFIX="10.0.0.0/16"
SUBNET_PREFIX="10.0.0.0/24"
NSG_NAME="MyNSG"
# Create Resource Group
az group create --name "$RESOURCE_GROUP" --location "$LOCATION"
# Create NSG first so the subnet can reference it
az network nsg create --resource-group "$RESOURCE_GROUP" --name "$NSG_NAME"
# Create VNet and Subnet, associating the subnet with the NSG
az network vnet create --name "$VNET_NAME" --resource-group "$RESOURCE_GROUP" --address-prefix "$ADDRESS_PREFIX" --subnet-name "$SUBNET_NAME" --subnet-prefix "$SUBNET_PREFIX" --network-security-group "$NSG_NAME"
echo "VNet, subnet, and NSG created successfully!"
Conclusion
In this tutorial, we covered how to create and manage Azure VNets using the Azure CLI. By understanding the fundamental concepts, command syntax, and practical examples, you can now effectively configure your network architecture in Azure. As you progress, consider exploring more advanced features like VNet peering and integration with other Azure services.
Feel free to reach out with any questions as you continue your journey with Azure networking! 🚀
