Quickstart: Create a virtual network using the Azure CLI

A virtual network enables Azure resources, like virtual machines (VMs), to communicate privately with each other, and with the internet. In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the new virtual network.

If you don't have an Azure subscription, create a free account now.

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. Cloud Shell lets you use either bash or PowerShell to work with Azure services. You can use the Cloud Shell pre-installed commands to run the code in this article without having to install anything on your local environment.

To launch Azure Cloud Shell:

Option Example/Link
Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. Example of Try It for Azure Cloud Shell
Go to https://shell.azure.com or select the Launch Cloud Shell button to open Cloud Shell in your browser.
Select the Cloud Shell button on the top-right menu bar in the Azure portal. Cloud Shell button in the Azure portal

To run the code in this article in Azure Cloud Shell:

  1. Launch Cloud Shell.
  2. Select the Copy button on a code block to copy the code.
  3. Paste the code into the Cloud Shell session with Ctrl+Shift+V on Windows and Linux, or Cmd+Shift+V on macOS.
  4. Press Enter to run the code.

If you decide to install and use Azure CLI locally instead, this quickstart requires you to use Azure CLI version 2.0.28 or later. To find your installed version, run az --version. See Install Azure CLI for install or upgrade info.

Create a resource group and a virtual network

Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with az group create. This example creates a resource group named myResourceGroup in the eastus location:

az group create --name myResourceGroup --location eastus

Create a virtual network with az network vnet create. This example creates a default virtual network named myVirtualNetwork with one subnet named default:

az network vnet create \
  --name myVirtualNetwork \
  --resource-group myResourceGroup \
  --subnet-name default

Create virtual machines

Create two VMs in the virtual network.

Create the first VM

Create a VM with az vm create. If SSH keys don't already exist in a default key location, the command creates them. To use a specific set of keys, use the --ssh-key-value option. The --no-wait option creates the VM in the background, so that you can continue to the next step. This example creates a VM named myVm1:

az vm create \
  --resource-group myResourceGroup \
  --name myVm1 \
  --image UbuntuLTS \
  --generate-ssh-keys \
  --no-wait

Create the second VM

Since you used the --no-wait option in the previous step, you can go ahead and create the second VM named myVm2.

az vm create \
  --resource-group myResourceGroup \
  --name myVm2 \
  --image UbuntuLTS \
  --generate-ssh-keys

Azure CLI output message

The VMs take a few minutes to create. After Azure creates the VMs, the Azure CLI returns output like this:

{
  "fqdns": "",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVm2",
  "location": "eastus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.5",
  "publicIpAddress": "40.68.254.142",
  "resourceGroup": "myResourceGroup"
  "zones": ""
}

Take note of the publicIpAddress. You will use this address to connect to the VM from the internet in the next step.

Connect to a VM from the internet

In this command, replace <publicIpAddress> with the public IP address of your myVm2 VM:

ssh <publicIpAddress>

Communicate between VMs

To confirm private communication between the myVm2 and myVm1 VMs, enter this command:

ping myVm1 -c 4

You'll receive four replies from 10.0.0.4.

Exit the SSH session with the myVm2 VM.

Clean up resources

When no longer needed, you can use az group delete to remove the resource group and all the resources it has:

az group delete --name myResourceGroup --yes

Next steps

In this quickstart, you created a default virtual network and two VMs. You connected to one VM from the internet and communicated privately between the two VMs. To learn more about virtual network settings, see Manage a virtual network.

Azure lets unrestricted private communication between VMs. By default, Azure only lets inbound remote desktop connections to Windows VMs from the internet. To learn more about configuring different types of VM network communications, go to the Filter network traffic tutorial.