Create a virtual network (classic) with multiple subnets
Azure has two different deployment models for creating and working with resources: Resource Manager and classic. This article covers using the classic deployment model. Microsoft recommends creating most new virtual networks through the Resource Manager deployment model.
In this tutorial, learn how to create a basic Azure virtual network (classic) that has separate public and private subnets. You can create Azure resources, like Virtual machines and Cloud services in a subnet. Resources created in virtual networks (classic) can communicate with each other, and with resources in other networks connected to a virtual network.
Virtual networks (classic) are immediately deleted by Azure when a subscription is disabled. Virtual networks (classic) are deleted regardless of whether resources exist in the virtual network. If you later re-enable the subscription, resources that existed in the virtual network must be recreated.
- In an Internet browser, go to the Azure portal. Log in using your Azure account. If you don't have an Azure account, you can sign up for a free trial.
- Click Create a resource in the portal.
- Enter Virtual network in the Search the Marketplace box at the top of the New pane that appears. Click Virtual network when it appears in the search results.
- Select Classic in the Select a deployment model box in the Virtual Network pane that appears, then click Create.
Enter the following values on the Create virtual network (classic) pane and then click Create:
Setting Value Name myVnet Address space 10.0.0.0/16 Subnet name Public Subnet address range 10.0.0.0/24 Resource group Leave Create new selected, and then enter myResourceGroup. Subscription and location Select your subscription and location.
- In the portal, you can create only one subnet when you create a virtual network. In this tutorial, you create a second subnet after you create the virtual network. You might later create Internet-accessible resources in the Public subnet. You also might create resources that aren't accessible from the Internet in the Private subnet. To create the second subnet, enter myVnet in the Search resources box at the top of the page. Click myVnet when it appears in the search results.
- Click Subnets (in the SETTINGS section) on the Create virtual network (classic) pane that appears.
- Click +Add on the myVnet - Subnets pane that appears.
- Enter Private for Name on the Add subnet pane. Enter 10.0.1.0/24 for Address range. Click OK.
- On the myVnet - Subnets pane, you can see the Public and Private subnets that you created.
- Optional: When you finish this tutorial, you might want to delete the resources that you created, so that you don't incur usage charges:
- Click Overview on the myVnet pane.
- Click the Delete icon on the myVnet pane.
- To confirm the deletion, click Yes in the Delete virtual network box.
- You can either install and configure the Azure CLI, or use the CLI within the Azure Cloud Shell. The Azure Cloud Shell is a free Bash shell that you can run directly within the Azure portal. It has the Azure CLI preinstalled and configured to use with your account. To get help for CLI commands, type
azure <command> --help.
In a CLI session, log in to Azure with the command that follows. If you click Try it in the box below, a Cloud Shell opens. You can log in to your Azure subscription, without entering the following command:
To ensure the CLI is in Service Management mode, enter the following command:
azure config mode asm
Create a virtual network with a private subnet:
azure network vnet create --vnet myVnet --address-space 10.0.0.0 --cidr 16 --subnet-name Private --subnet-start-ip 10.0.0.0 --subnet-cidr 24 --location "East US"
Create a public subnet within the virtual network:
azure network vnet subnet create --name Public --vnet-name myVnet --address-prefix 10.0.1.0/24
Review the virtual network and subnets:
azure network vnet show --vnet myVnet
Optional: You might want to delete the resources that you created when you finish this tutorial, so that you don't incur usage charges:
azure network vnet delete --vnet myVnet --quiet
Though you can't specify a resource group to create a virtual network (classic) in using the CLI, Azure creates the virtual network in a resource group named Default-Networking.
- Install the latest version of the PowerShell Azure module. If you're new to Azure PowerShell, see Azure PowerShell overview.
- Start a PowerShell session.
- In PowerShell, log in to Azure by entering the
Change the following path and filename, as appropriate, then export your existing network configuration file:
Get-AzureVNetConfig -ExportToFile c:\azure\NetworkConfig.xml
To create a virtual network with public and private subnets, use any text editor to add the VirtualNetworkSite element that follows to the network configuration file.
<VirtualNetworkSite name="myVnet" Location="East US"> <AddressSpace> <AddressPrefix>10.0.0.0/16</AddressPrefix> </AddressSpace> <Subnets> <Subnet name="Private"> <AddressPrefix>10.0.0.0/24</AddressPrefix> </Subnet> <Subnet name="Public"> <AddressPrefix>10.0.1.0/24</AddressPrefix> </Subnet> </Subnets> </VirtualNetworkSite>
Review the full network configuration file schema.
Import the network configuration file:
Set-AzureVNetConfig -ConfigurationPath c:\azure\NetworkConfig.xml
Importing a changed network configuration file can cause changes to existing virtual networks (classic) in your subscription. Ensure you only add the previous virtual network and that you don't change or remove any existing virtual networks from your subscription.
Review the virtual network and subnets:
Get-AzureVNetSite -VNetName "myVnet"
Optional: You might want to delete the resources that you created when you finish this tutorial, so that you don't incur usage charges. To delete the virtual network, complete steps 4-6 again, this time removing the VirtualNetworkSite element you added in step 5.
Though you can't specify a resource group to create a virtual network (classic) in using PowerShell, Azure creates the virtual network in a resource group named Default-Networking.
- To learn about all virtual network and subnet settings, see Manage virtual networks and Manage virtual network subnets. You have various options for using virtual networks and subnets in a production environment to meet different requirements.
- To filter inbound and outbound subnet traffic, create and apply network security groups to subnets.
- Create a Windows or a Linux virtual machine, and then connect it to an existing virtual network.
- To connect two virtual networks in the same Azure location, create a virtual network peering between the virtual networks. You can peer a virtual network (Resource Manager) to a virtual network (classic), but you cannot create a peering between two virtual networks (classic).
- Connect the virtual network to an on-premises network by using a VPN Gateway or Azure ExpressRoute circuit.