Create a virtual network using the Azure CLI

An Azure virtual network (VNet) is a representation of your own network in the cloud. You can control your Azure network settings and define DHCP address blocks, DNS settings, security policies, and routing. You can also further segment your VNet into subnets and deploy Azure IaaS virtual machines (VMs) and PaaS role instances, in the same way you can deploy physical and virtual machines to your on-premises datacenter. In essence, you can expand your network to Azure, bringing your own IP address blocks. Read the virtual network overview if you are not familiar with VNets.

Azure has two deployment models: Azure Resource Manager and classic. Microsoft recommends creating resources through the Resource Manager deployment model. To learn more about the differences between the two models, read the Understand Azure deployment models article.

You can also create a virtual network through Resource Manager using other tools, or create a virtual network through the classic deployment model, by selecting a different option from the following list:


To better illustrate how to create a VNet and subnets, this document will use the scenario below.

VNet scenario

In this scenario you will create a VNet named TestVNet with a reserved CIDR block of Your VNet will contain the following subnets:

  • FrontEnd, using as its CIDR block.
  • BackEnd, using as its CIDR block.

Create a virtual network

To create a virtual network using the Azure CLI, complete the following steps:

  1. Install and configure the latest Azure CLI 2.0 and log in to an Azure account using az login.

  2. Create a resource group for your VNet using the az group create command with the --name and --location arguments:

    az group create --name TestRG --location centralus
  3. Create a VNet and a subnet:

    az network vnet create \
    --name TestVNet \
    --resource-group TestRG \
    --location centralus \
    --address-prefix \
    --subnet-name FrontEnd \

    Expected output:

        "newVNet": {
            "addressSpace": {
            "addressPrefixes": [
            "dhcpOptions": {
            "dnsServers": []
            "provisioningState": "Succeeded",
            "resourceGuid": "<guid>",
            "subnets": [
                "etag": "W/\"<guid>\"",
                "id": "/subscriptions/<guid>/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/FrontEnd",
                "name": "FrontEnd",
                "properties": {
                "addressPrefix": "",
                "provisioningState": "Succeeded"
                "resourceGroup": "TestRG"

    Parameters used:

    • --name TestVNet: Name of the VNet to be created.
    • --resource-group TestRG: # The resource group name that controls the resource.
    • --location centralus: The location into which to deploy.
    • --address-prefix The address prefix and block.
    • --subnet-name FrontEnd: The name of the subnet.
    • --subnet-prefix The address prefix and block.

      To list the basic information to use in the next command, you can query the VNet using a query filter:

      az network vnet list --query '[?name==`TestVNet`].{Where:location,Name:name,Group:resourceGroup}' -o table

      Which produces the following output:

      Where Name Group

      centralus TestVNet TestRG

  4. Create a subnet:

    az network vnet subnet create \
    --address-prefix \
    --name BackEnd \
    --resource-group TestRG \
    --vnet-name TestVNet

    Expected output:

    "addressPrefix": "",
    "etag": "W/\"<guid> \"",
    "id": "/subscriptions/<guid>/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/BackEnd",
    "ipConfigurations": null,
    "name": "BackEnd",
    "networkSecurityGroup": null,
    "provisioningState": "Succeeded",
    "resourceGroup": "TestRG",
    "resourceNavigationLinks": null,
    "routeTable": null

    Parameters used:

    • --address-prefix Subnet CIDR block.
    • --name BackEnd: Name of the new subnet.
    • --resource-group TestRG: The resource group.
    • --vnet-name TestVNet: The name of the owning VNet.
  5. Query the properties of the new VNet:

    az network vnet show \
    -g TestRG \
    -n TestVNet \
    --query '{Name:name,Where:location,Group:resourceGroup,Status:provisioningState,SubnetCount:subnets | length(@)}' \
    -o table

    Expected output:

     Name      Where      Group    Status       SubnetCount
     TestVNet  centralus  TestRG   Succeeded              2
  6. Query the properties of the subnets:

    az network vnet subnet list \
    -g TestRG \
    --vnet-name testvnet \
    --query '[].{Name:name,CIDR:addressPrefix,Status:provisioningState}' \
    -o table

    Expected output:

     Name      CIDR            Status
     FrontEnd  Succeeded
     BackEnd  Succeeded

Next steps

Learn how to connect: