Create, change, or delete a network interface

Learn how to create, change settings for, and delete a network interface. A network interface enables an Azure Virtual Machine to communicate with the internet, Azure, and on-premises resources. When creating a virtual machine using the Azure portal, the portal creates one network interface with default settings for you. You may instead choose to create network interfaces with custom settings and add one or more network interfaces to a virtual machine when you create it. You may also want to change default network interface settings for an existing network interface. This article explains how to create a network interface with custom settings, change existing settings, such as network filter (network security group) assignment, subnet assignment, DNS server settings, and IP forwarding, and delete a network interface.

If you need to add, change, or remove IP addresses for a network interface, see Manage IP addresses. If you need to add network interfaces to, or remove network interfaces from virtual machines, see Add or remove network interfaces.

Before you begin

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Complete the following tasks before completing steps in any section of this article:

  • If you don't already have an Azure account, sign up for a free trial account.
  • If using the portal, open https://portal.azure.com, and log in with your Azure account.
  • If using PowerShell commands to complete tasks in this article, either run the commands in the Azure Cloud Shell, or run PowerShell from your computer. The Azure Cloud Shell is a free interactive shell that you can use to run the steps in this article. It has common Azure tools preinstalled and configured to use with your account. This tutorial requires the Azure PowerShell module version 1.0.0 or later. Run Get-Module -ListAvailable Az to find the installed version. If you need to upgrade, see Install Azure PowerShell module. If you are running PowerShell locally, you also need to run Connect-AzAccount to create a connection with Azure.
  • If using Azure Command-line interface (CLI) commands to complete tasks in this article, either run the commands in the Azure Cloud Shell, or run the CLI from your computer. This tutorial requires the Azure CLI version 2.0.28 or later. Run az --version to find the installed version. If you need to install or upgrade, see Install Azure CLI. If you are running the Azure CLI locally, you also need to run az login to create a connection with Azure.

The account you log into, or connect to Azure with, must be assigned to the network contributor role or to a custom role that is assigned the appropriate actions listed in Permissions.

Create a network interface

When creating a virtual machine using the Azure portal, the portal creates a network interface with default settings for you. If you'd rather specify all your network interface settings, you can create a network interface with custom settings and attach the network interface to a virtual machine when creating the virtual machine (using PowerShell or the Azure CLI). You can also create a network interface and add it to an existing virtual machine (using PowerShell or the Azure CLI). To learn how to create a virtual machine with an existing network interface or to add to, or remove network interfaces from existing virtual machines, see Add or remove network interfaces. Before creating a network interface, you must have an existing virtual network in the same location and subscription you create a network interface in.

  1. In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. When network interfaces appear in the search results, select it.

  2. Select + Add under Network interfaces.

  3. Enter, or select values for the following settings, then select Create:

    Setting | Required? | Details
    Name | Yes | The name must be unique within the resource group you select. Over time, you'll likely have several network interfaces in your Azure subscription. For suggestions when creating a naming convention to make managing several network interfaces easier, see Naming conventions. The name cannot be changed after the network interface is created.
    Virtual network | Yes | Select the virtual network for the network interface. You can only assign a network interface to a virtual network that exists in the same subscription and location as the network interface. Once a network interface is created, you cannot change the virtual network it is assigned to. The virtual machine you add the network interface to must also exist in the same location and subscription as the network interface.
    Subnet | Yes | Select a subnet within the virtual network you selected. You can change the subnet the network interface is assigned to after it's created.
    Private IP address assignment | Yes | In this setting, you're choosing the assignment method for the IPv4 address. Choose from the following assignment methods: Dynamic: When selecting this option, Azure automatically assigns the next available address from the address space of the subnet you selected. Static: When selecting this option, you must manually assign an available IP address from within the address space of the subnet you selected. Static and dynamic addresses do not change until you change them or the network interface is deleted. You can change the assignment method after the network interface is created. The Azure DHCP server assigns this address to the network interface within the operating system of the virtual machine.
    Network security group | No | Leave set to None, select an existing network security group, or create a network security group. Network security groups enable you to filter network traffic in and out of a network interface. You can apply zero or one network security group to a network interface. Zero or one network security group can also be applied to the subnet the network interface is assigned to. When a network security group is applied to a network interface and the subnet the network interface is assigned to, sometimes unexpected results occur. To troubleshoot network security groups applied to network interfaces and subnets, see Troubleshoot network security groups.
    Subscription | Yes | Select one of your Azure subscriptions. The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same subscription.
    Private IP address (IPv6) | No | If you select this checkbox, an IPv6 address is assigned to the network interface, in addition to the IPv4 address assigned to the network interface. See the IPv6 section of this article for important information about use of IPv6 with network interfaces. You cannot select an assignment method for the IPv6 address. If you choose to assign an IPv6 address, it is assigned with the dynamic method.
    IPv6 name (only appears when the Private IP address (IPv6) checkbox is checked) | Yes, if the Private IP address (IPv6) checkbox is checked. | This name is assigned to a secondary IP configuration for the network interface. To learn more about IP configurations, see View network interface settings.
    Resource group | Yes | Select an existing resource group or create one. A network interface can exist in the same resource group as, or a different resource group from, the virtual machine you attach it to or the virtual network you connect it to.
    Location | Yes | The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same location, also referred to as a region.

The portal doesn't provide the option to assign a public IP address to the network interface when you create it, though the portal does create a public IP address and assign it to a network interface when you create a virtual machine using the portal. To learn how to add a public IP address to the network interface after creating it, see Manage IP addresses. If you want to create a network interface with a public IP address, you must use the CLI or PowerShell to create the network interface.

The portal doesn't provide the option to assign the network interface to application security groups when creating a network interface, but the Azure CLI and PowerShell do. You can, however, assign an existing network interface to an application security group using the portal, as long as the network interface is attached to a virtual machine. To learn how to assign a network interface to an application security group, see Add to or remove from application security groups.

Note

Azure assigns a MAC address to the network interface only after the network interface is attached to a virtual machine and the virtual machine is started the first time. You cannot specify the MAC address that Azure assigns to the network interface. The MAC address remains assigned to the network interface until the network interface is deleted or the private IP address assigned to the primary IP configuration of the primary network interface is changed. To learn more about IP addresses and IP configurations, see Manage IP addresses.

Commands

Tool | Command
CLI | az network nic create
PowerShell | New-AzNetworkInterface

View network interface settings

You can view and change most settings for a network interface after it's created. The portal does not display the DNS suffix or application security group membership for the network interface. You can use the PowerShell or Azure CLI commands to view the DNS suffix and application security group membership.

  1. In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. When network interfaces appear in the search results, select it.
  2. Select the network interface you want to view or change settings for from the list.
  3. The following items are listed for the network interface you selected:
    • Overview: Provides information about the network interface, such as the IP addresses assigned to it, the virtual network/subnet the network interface is assigned to, and the virtual machine the network interface is attached to (if it's attached to one). The following picture shows the overview settings for a network interface named mywebserver256: (Image: Network interface overview)

      You can move a network interface to a different resource group or subscription by selecting (change) next to the Resource group or Subscription name. If you move the network interface, you must move all resources related to the network interface with it. If the network interface is attached to a virtual machine, for example, you must also move the virtual machine, and other virtual machine-related resources. To move a network interface, see Move resource to a new resource group or subscription. The article lists prerequisites, and how to move resources using the Azure portal, PowerShell, and the Azure CLI.

    • IP configurations: Public and private IPv4 and IPv6 addresses assigned to IP configurations are listed here. If an IPv6 address is assigned to an IP configuration, the address is not displayed. To learn more about IP configurations and how to add and remove IP addresses, see Configure IP addresses for an Azure network interface. IP forwarding and subnet assignment are also configured in this section. To learn more about these settings, see Enable or disable IP forwarding and Change subnet assignment.

    • DNS servers: You can specify which DNS server a network interface is assigned by the Azure DHCP servers. The network interface can inherit the setting from the virtual network the network interface is assigned to, or have a custom setting that overrides the setting for the virtual network it's assigned to. To modify what's displayed, see Change DNS servers.

    • Network security group (NSG): Displays which NSG is associated to the network interface (if any). An NSG contains inbound and outbound rules to filter network traffic for the network interface. If an NSG is associated to the network interface, the name of the associated NSG is displayed. To modify what's displayed, see Associate or dissociate a network security group.

    • Properties: Displays key settings about the network interface, including its MAC address (blank if the network interface isn't attached to a virtual machine), and the subscription it exists in.

    • Effective security rules: Security rules are listed if the network interface is attached to a running virtual machine, and an NSG is associated to the network interface, the subnet it's assigned to, or both. To learn more about what's displayed, see View effective security rules. To learn more about NSGs, see Network security groups.

    • Effective routes: Routes are listed if the network interface is attached to a running virtual machine. The routes are a combination of the Azure default routes, any user-defined routes, and any BGP routes that may exist for the subnet the network interface is assigned to. To learn more about what's displayed, see View effective routes. To learn more about Azure default routes and user-defined routes, see Routing overview.

    • Common Azure Resource Manager settings: To learn more about common Azure Resource Manager settings, see Activity log, Access control (IAM), Tags, Locks, and Automation script.

Commands

If an IPv6 address is assigned to a network interface, the PowerShell output returns the fact that the address is assigned, but it doesn't return the assigned address. Similarly, the CLI returns the fact that the address is assigned, but returns null in its output for the address.

Tool | Command
CLI | az network nic list to view network interfaces in the subscription; az network nic show to view settings for a network interface
PowerShell | Get-AzNetworkInterface to view network interfaces in the subscription or view settings for a network interface
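
The settings this article covers (NSG association, IP forwarding, custom DNS servers, attachment to a virtual machine) can be reviewed for every network interface at once from the JSON that az network nic list returns. The following is an added example, not part of the original article: the sample data is constructed, the finding labels are hypothetical, and the JSON key names (including their casing) are an assumption about the CLI's output.

```python
import json

# Constructed sample shaped like `az network nic list --output json`, trimmed to
# the fields checked below. Every name, ID and address is made up.
SAMPLE_NIC_LIST = json.loads("""
[
  {"name": "web-nic",
   "enableIpForwarding": false,
   "networkSecurityGroup": {"id": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Network/networkSecurityGroups/web-nsg"},
   "dnsSettings": {"dnsServers": []},
   "virtualMachine": {"id": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/web-vm"},
   "ipConfigurations": [{"name": "ipconfig1", "publicIpAddress": null}]},
  {"name": "nva-nic",
   "enableIPForwarding": true,
   "networkSecurityGroup": null,
   "dnsSettings": {"dnsServers": ["10.0.0.4"]},
   "virtualMachine": {"id": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/nva-vm"},
   "ipConfigurations": [{"name": "ipconfig1",
                         "publicIPAddress": {"id": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Network/publicIPAddresses/nva-pip"}}]},
  {"name": "orphan-nic",
   "enableIpForwarding": false,
   "networkSecurityGroup": {"id": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Network/networkSecurityGroups/web-nsg"},
   "dnsSettings": {"dnsServers": []},
   "virtualMachine": null,
   "ipConfigurations": [{"name": "ipconfig1", "publicIpAddress": null}]}
]
""")


def field(obj, name, default=None):
    """Case-insensitive key lookup. The casing of keys such as
    enableIpForwarding / enableIPForwarding is assumed to differ between
    CLI releases, so both are accepted."""
    for key, value in (obj or {}).items():
        if key.lower() == name.lower():
            return default if value is None else value
    return default


def audit_nic(nic):
    """Return a list of review findings for one network interface."""
    findings = []
    if field(nic, "enableIpForwarding", False):
        # The VM may receive and send traffic for addresses that are not its own.
        findings.append("ip-forwarding-enabled")
    if not field(nic, "networkSecurityGroup"):
        # Zero NSGs on the NIC is valid; the subnet may still carry one.
        findings.append("no-nic-level-nsg")
    dns = field(field(nic, "dnsSettings", {}), "dnsServers", [])
    if dns:
        # A custom list overrides the DNS setting inherited from the virtual network.
        findings.append("custom-dns:" + ",".join(dns))
    for cfg in field(nic, "ipConfigurations", []):
        if field(cfg, "publicIpAddress"):
            findings.append("public-ip:" + field(cfg, "name", "?"))
    if not field(nic, "virtualMachine"):
        # Not attached to a VM: a candidate for deletion.
        findings.append("unattached")
    return findings


def audit_all(nics):
    """Map NIC name -> findings, listing only NICs that have at least one."""
    report = {}
    for nic in nics:
        findings = audit_nic(nic)
        if findings:
            report[nic["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_NIC_LIST).items():
        print(f"{name}: {', '.join(findings)}")
```

To run it against a real subscription, load the saved output of az network nic list --output json in place of SAMPLE_NIC_LIST.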

Change DNS servers

The DNS server is assigned by the Azure DHCP server to the network interface within the virtual machine operating system. The DNS server assigned is whatever the DNS server setting is for a network interface. To learn more about name resolution settings for a network interface, see Name resolution for virtual machines. The network interface can inherit the settings from the virtual network, or use its own unique settings that override the setting for the virtual network.

  1. In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. When network interfaces appear in the search results, select it.
  2. Select the network interface that you want to change a DNS server for from the list.
  3. Select DNS servers under SETTINGS.
  4. Select either:
    • Inherit from virtual network: Choose this option to inherit the DNS server setting defined for the virtual network the network interface is assigned to. At the virtual network level, either a custom DNS server or the Azure-provided DNS server is defined. The Azure-provided DNS server can resolve hostnames for resources assigned to the same virtual network. FQDN must be used to resolve for resources assigned to different virtual networks.
    • Custom: You can configure your own DNS server to resolve names across multiple virtual networks. Enter the IP address of the server you want to use as a DNS server. The DNS server address you specify is assigned only to this network interface and overrides any DNS setting for the virtual network the network interface is assigned to.

      Note

      If the VM uses a NIC that's part of an availability set, all the DNS servers that are specified for each of the VMs from all NICs that are part of the availability set will be inherited.

  5. Select Save.

Commands

Tool | Command
CLI | az network nic update
PowerShell | Set-AzNetworkInterface

Enable or disable IP forwarding

IP forwarding enables the virtual machine a network interface is attached to:

  • Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface.
  • Send network traffic with a different source IP address than the one assigned to one of a network interface's IP configurations.

The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a single network interface attached to it. While IP forwarding is an Azure setting, the virtual machine must also run an application able to forward the traffic, such as firewall, WAN optimization, and load balancing applications. When a virtual machine is running network applications, the virtual machine is often referred to as a network virtual appliance. You can view a list of ready to deploy network virtual appliances in the Azure Marketplace. IP forwarding is typically used with user-defined routes. To learn more about user-defined routes, see User-defined routes.

  1. In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. When network interfaces appear in the search results, select it.
  2. Select the network interface that you want to enable or disable IP forwarding for.
  3. Select IP configurations in the SETTINGS section.
  4. Select Enabled or Disabled (default setting) to change the setting.
  5. Select Save.

Commands

Tool | Command
CLI | az network nic update
PowerShell | Set-AzNetworkInterface

Change subnet assignment

You can change the subnet, but not the virtual network, that a network interface is assigned to.

  1. In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. When network interfaces appear in the search results, select it.
  2. Select the network interface that you want to change subnet assignment for.
  3. Select IP configurations under SETTINGS. If any private IP addresses for any IP configurations listed have (Static) next to them, you must change the IP address assignment method to dynamic by completing the steps that follow. All private IP addresses must be assigned with the dynamic assignment method to change the subnet assignment for the network interface. If the addresses are assigned with the dynamic method, continue to step five. If any IPv4 addresses are assigned with the static assignment method, complete the following steps to change the assignment method to dynamic:
    • Select the IP configuration you want to change the IPv4 address assignment method for from the list of IP configurations.
    • Select Dynamic for the private IP address Assignment method. You cannot assign an IPv6 address with the static assignment method.
    • Select Save.
  4. Select the subnet you want to move the network interface to from the Subnet drop-down list.
  5. Select Save. New dynamic addresses are assigned from the subnet address range for the new subnet. After assigning the network interface to a new subnet, you can assign a static IPv4 address from the new subnet address range if you choose. To learn more about adding, changing, and removing IP addresses for a network interface, see Manage IP addresses.

Commands

Tool | Command
CLI | az network nic ip-config update
PowerShell | Set-AzNetworkInterfaceIpConfig

Add to or remove from application security groups

You can only add a network interface to, or remove a network interface from an application security group using the portal if the network interface is attached to a virtual machine. You can use PowerShell or the Azure CLI to add a network interface to, or remove a network interface from an application security group, whether the network interface is attached to a virtual machine or not. Learn more about Application security groups and how to create an application security group.

  1. In the Search resources, services, and docs box at the top of the portal, begin typing the name of a virtual machine that has a network interface that you want to add to, or remove from, an application security group. When the name of your VM appears in the search results, select it.
  2. Under SETTINGS, select Networking. Select Configure the application security groups, select the application security groups that you want to add the network interface to, or unselect the application security groups that you want to remove the network interface from, and then select Save. Only network interfaces that exist in the same virtual network can be added to the same application security group. The application security group must exist in the same location as the network interface.

Commands

Tool | Command
CLI | az network nic update
PowerShell | Set-AzNetworkInterface

Associate or dissociate a network security group

  1. In the search box at the top of the portal, enter network interfaces. When network interfaces appear in the search results, select it.
  2. Select the network interface in the list that you want to associate a network security group to, or dissociate a network security group from.
  3. Select Network security group under SETTINGS.
  4. Select Edit.
  5. Select Network security group and then select the network security group you want to associate to the network interface, or select None, to dissociate a network security group.
  6. Select Save.

Commands

Delete a network interface

You can delete a network interface as long as it's not attached to a virtual machine. If a network interface is attached to a virtual machine, you must first place the virtual machine in the stopped (deallocated) state, then detach the network interface from the virtual machine. To detach a network interface from a virtual machine, complete the steps in Detach a network interface from a virtual machine. However, you cannot detach a network interface from a virtual machine if it's the only network interface attached to the virtual machine. A virtual machine must always have at least one network interface attached to it. Deleting a virtual machine detaches all network interfaces attached to it, but does not delete the network interfaces.

  1. In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. When network interfaces appear in the search results, select it.
  2. Select ... on the right side of the network interface you want to delete from the list of network interfaces.
  3. Select Delete.
  4. Select Yes to confirm deletion of the network interface.

When you delete a network interface, any MAC or IP addresses assigned to it are released.

Commands

Tool | Command
CLI | az network nic delete
PowerShell | Remove-AzNetworkInterface

解決連線問題Resolve connectivity issues

如果您無法與虛擬機器進行通訊,則網路安全性群組安全規則或對網路介面有效的路由可能會導致此問題。If you are unable to communicate to or from a virtual machine, network security group security rules or routes effective for a network interface, may be causing the problem. 您有下列選項來協助您解決問題:You have the following options to help resolve the issue:

檢視有效的安全性規則View effective security rules

連接至虛擬機器的每個網路介面的有效安全性規則,是您在網路安全性群組和預設安全性規則中建立的規則組合。The effective security rules for each network interface attached to a virtual machine are a combination of the rules you've created in a network security group and default security rules. 了解網路介面的有效安全性規則,可協助您判斷為什麼無法與虛擬機器進行通訊的原因。Understanding the effective security rules for a network interface may help you determine why you're unable to communicate to or from a virtual machine. 您可以檢視連結至執行中虛擬機器之任何網路介面的有效規則。You can view the effective rules for any network interface that is attached to a running virtual machine.

  1. In the search box at the top of the portal, enter the name of a virtual machine you want to view effective security rules for. If you don't know the name of a virtual machine, enter virtual machines in the search box. When Virtual machines appears in the search results, select it, and then select a virtual machine from the list.
  2. Select Networking under SETTINGS.
  3. Select the name of a network interface.
  4. Select Effective security rules under SUPPORT + TROUBLESHOOTING.
  5. Review the list of effective security rules to determine if the correct rules exist for your required inbound and outbound communication. Learn more about what you see in the list in Network security group overview.

The IP flow verify feature of Azure Network Watcher can also help you determine if security rules are preventing communication between a virtual machine and an endpoint. To learn more, see IP flow verify.
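The review in step 5 can be scripted once the effective rules are exported. The following is an added example, not part of the original article or Microsoft's tooling: it evaluates a flow against a constructed rule list in ascending priority order, and the field names (modeled on `az network nic list-effective-nsg` output) and the `evaluate_flow` helper are assumptions of this example.

```python
import ipaddress

# Constructed sample. Field names follow the effectiveSecurityRules entries of
# `az network nic list-effective-nsg` output as an assumption of this example.
# Default rules that use service tags are left out to keep matching CIDR-only.
EFFECTIVE_RULES = [
    {"name": "deny-ssh-any", "direction": "Inbound", "priority": 200,
     "protocol": "Tcp", "sourceAddressPrefix": "0.0.0.0/0",
     "destinationAddressPrefix": "0.0.0.0/0",
     "destinationPortRange": "22-22", "access": "Deny"},
    {"name": "allow-ssh-from-admin", "direction": "Inbound", "priority": 100,
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24",
     "destinationAddressPrefix": "10.0.0.4/32",
     "destinationPortRange": "22-22", "access": "Allow"},
    {"name": "DenyAllInBound", "direction": "Inbound", "priority": 65500,
     "protocol": "All", "sourceAddressPrefix": "0.0.0.0/0",
     "destinationAddressPrefix": "0.0.0.0/0",
     "destinationPortRange": "0-65535", "access": "Deny"},
]


def _in_prefix(ip, prefix):
    """True when ip falls inside a CIDR prefix ("*" matches any address)."""
    return prefix == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)


def _in_ports(port, port_range):
    """True when port falls inside "low-high", a single port, or "*"."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate_flow(rules, direction, protocol, src_ip, dst_ip, dst_port):
    """Return (access, rule name) of the first match by ascending priority number."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != direction.lower():
            continue
        if rule["protocol"].lower() not in ("all", "*", protocol.lower()):
            continue
        if (_in_prefix(src_ip, rule["sourceAddressPrefix"])
                and _in_prefix(dst_ip, rule["destinationAddressPrefix"])
                and _in_ports(dst_port, rule["destinationPortRange"])):
            return rule["access"], rule["name"]
    return "Deny", None  # nothing matched; treated as blocked in this example


if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, evaluate_flow(EFFECTIVE_RULES, "Inbound", "Tcp", src, "10.0.0.4", 22))
```

The returned rule name identifies which rule decided the flow, which is the rule to inspect when a connection is unexpectedly blocked or unexpectedly allowed.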

Commands

View effective routes

The effective routes for the network interfaces attached to a virtual machine are a combination of default routes, any routes you've created, and any routes propagated from on-premises networks via BGP through an Azure virtual network gateway. Understanding the effective routes for a network interface may help you determine why you're unable to communicate to or from a virtual machine. You can view the effective routes for any network interface that is attached to a running virtual machine.

  1. In the search box at the top of the portal, enter the name of a virtual machine you want to view effective routes for. If you don't know the name of a virtual machine, enter virtual machines in the search box. When Virtual machines appears in the search results, select it, and then select a virtual machine from the list.
  2. Select Networking under SETTINGS.
  3. Select the name of a network interface.
  4. Select Effective routes under SUPPORT + TROUBLESHOOTING.
  5. Review the list of effective routes to determine if the correct routes exist for your required inbound and outbound communication. Learn more about what you see in the list in Routing overview.

The next hop feature of Azure Network Watcher can also help you determine if routes are preventing communication between a virtual machine and an endpoint. To learn more, see Next hop.
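To see how the three route sources combine into one forwarding decision, the added example below (not part of the original article) picks the effective route for a destination by longest prefix match, breaking ties in the order user-defined, BGP, system. The route list is constructed, and its field names (modeled on `az network nic show-effective-route-table` output) and the `select_route` helper are assumptions of this example.

```python
import ipaddress

# Constructed sample. Field names follow `az network nic show-effective-route-table`
# output as an assumption of this example.
EFFECTIVE_ROUTES = [
    {"source": "Default", "state": "Active", "addressPrefix": ["10.0.0.0/16"],
     "nextHopType": "VnetLocal", "nextHopIpAddress": []},
    # System default route, shown as Invalid because the user route below overrides it.
    {"source": "Default", "state": "Invalid", "addressPrefix": ["0.0.0.0/0"],
     "nextHopType": "Internet", "nextHopIpAddress": []},
    {"source": "User", "state": "Active", "addressPrefix": ["0.0.0.0/0"],
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": ["10.0.1.4"]},
    # Propagated from on-premises via BGP through the virtual network gateway.
    {"source": "VirtualNetworkGateway", "state": "Active",
     "addressPrefix": ["192.168.0.0/16"],
     "nextHopType": "VirtualNetworkGateway", "nextHopIpAddress": ["10.0.255.4"]},
    # User route with next hop None: traffic to this prefix is dropped.
    {"source": "User", "state": "Active", "addressPrefix": ["192.168.10.0/24"],
     "nextHopType": "None", "nextHopIpAddress": []},
]

# Tie-break for identical prefixes: user-defined, then BGP, then system route.
SOURCE_RANK = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}


def select_route(routes, dst_ip):
    """Return the active route used for dst_ip, or None if no route covers it."""
    dst = ipaddress.ip_address(dst_ip)
    best_key, best_route = None, None
    for route in routes:
        if route["state"] != "Active":
            continue
        for prefix in route["addressPrefix"]:
            net = ipaddress.ip_network(prefix)
            if dst not in net:
                continue
            # Longer prefix wins; on equal length the lower source rank wins.
            key = (net.prefixlen, -SOURCE_RANK[route["source"]])
            if best_key is None or key > best_key:
                best_key, best_route = key, route
    return best_route


if __name__ == "__main__":
    for dst in ("10.0.2.5", "198.51.100.20", "192.168.10.9", "192.168.20.9"):
        route = select_route(EFFECTIVE_ROUTES, dst)
        print(dst, route["nextHopType"], route["nextHopIpAddress"])
```

A result with next hop type `None`, or a next hop address of an appliance that is not forwarding, points to a route rather than a security rule as the cause of a failed connection.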

Commands

Permissions

To perform tasks on network interfaces, your account must be assigned to the network contributor role or to a custom role that is assigned the appropriate permissions listed in the following table:

| Action | Name |
| --- | --- |
| Microsoft.Network/networkInterfaces/read | Get network interface |
| Microsoft.Network/networkInterfaces/write | Create or update network interface |
| Microsoft.Network/networkInterfaces/join/action | Attach a network interface to a virtual machine |
| Microsoft.Network/networkInterfaces/delete | Delete network interface |
| Microsoft.Network/networkInterfaces/joinViaPrivateIp/action | Join a resource to a network interface via a servi... |
| Microsoft.Network/networkInterfaces/effectiveRouteTable/action | Get network interface effective route table |
| Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action | Get network interface effective security groups |
| Microsoft.Network/networkInterfaces/loadBalancers/read | Get network interface load balancers |
| Microsoft.Network/networkInterfaces/serviceAssociations/read | Get service association |
| Microsoft.Network/networkInterfaces/serviceAssociations/write | Create or update a service association |
| Microsoft.Network/networkInterfaces/serviceAssociations/delete | Delete service association |
| Microsoft.Network/networkInterfaces/serviceAssociations/validate/action | Validate service association |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | Get network interface IP configuration |

Next steps