az network vnet subnet
Manage subnets in an Azure Virtual Network.
To learn more about subnets visit https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-subnet.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network vnet subnet create |
Create a subnet and associate an existing NSG and route table. |
Core | GA |
| az network vnet subnet delete |
Delete a subnet. |
Core | GA |
| az network vnet subnet list |
List the subnets in a virtual network. |
Core | GA |
| az network vnet subnet list-available-delegations |
List the services available for subnet delegation. |
Core | GA |
| az network vnet subnet list-available-ips |
List some available ips in the subnet. |
Core | Preview |
| az network vnet subnet show |
Show details of a subnet. |
Core | GA |
| az network vnet subnet update |
Update a subnet. |
Core | GA |
| az network vnet subnet wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network vnet subnet create
Create a subnet and associate an existing NSG and route table.
az network vnet subnet create --name
--resource-group
--vnet-name
[--address-prefixes]
[--default-outbound --default-outbound-access {0, 1, f, false, n, no, t, true, y, yes}]
[--delegations]
[--disable-private-endpoint-network-policies {0, 1, f, false, n, no, t, true, y, yes}]
[--disable-private-link-service-network-policies {0, 1, f, false, n, no, t, true, y, yes}]
[--endpoints]
[--ipam-allocations --ipam-pool-prefix-allocations]
[--nat-gateway]
[--network-security-group --nsg]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--ple-network-policies --private-endpoint-network-policies {Disabled, Enabled, NetworkSecurityGroupEnabled, RouteTableEnabled}]
[--pls-network-policies --private-link-service-network-policies {Disabled, Enabled}]
[--route-table]
[--service-endpoint-policy]
[--service-endpoints]
[--sharing-scope {DelegatedServices, Tenant}]Examples
Create new subnet attached to an NSG with a custom route table.
az network vnet subnet create -g MyResourceGroup --vnet-name MyVnet -n MySubnet --address-prefixes 10.0.0.0/24 --network-security-group MyNsg --route-table MyRouteTableCreate new subnet attached to a NAT gateway.
az network vnet subnet create -n MySubnet --vnet-name MyVnet -g MyResourceGroup --nat-gateway MyNatGateway --address-prefixes "10.0.0.0/21"Required Parameters
The subnet name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The virtual network (VNet) name.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Space-separated list of address prefixes in CIDR format. If provided, --ipam-allocations should not be specified. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Set this property to false to disable default outbound connectivity for all VMs in the subnet.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of services to whom the subnet should be delegated, e.g., Microsoft.Sql/servers. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Disable private endpoint network policies on the subnet. Please note that it will be replaced by --private-endpoint-network-policies soon.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Disable private link service network policies on the subnet. Please note that it will be replaced by --private-link-service-network-policies soon.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
An array of service endpoints. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
A list of IPAM Pools for allocating IP address prefixes. If provided, --address-prefixes would be ignored by CLI and should not be specified. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name or ID of a NAT gateway to attach.
Name or ID of a network security group (NSG).
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Manage network policies for private endpoint.
| Property | Value |
|---|---|
| Default value: | Disabled |
| Accepted values: | Disabled, Enabled, NetworkSecurityGroupEnabled, RouteTableEnabled |
Manage network policy for private link service.
| Property | Value |
|---|---|
| Default value: | Enabled |
| Accepted values: | Disabled, Enabled |
Name or ID of a route table to associate with the subnet.
Space-separated list of names or IDs of service endpoint policies to apply. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of services allowed private access to this subnet. Values from: az network vnet list-endpoint-services. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty.
| Property | Value |
|---|---|
| Accepted values: | DelegatedServices, Tenant |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vnet subnet delete
Delete a subnet.
az network vnet subnet delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
[--vnet-name]Examples
Delete a subnet.
az network vnet subnet delete --name MySubnet --resource-group MyResourceGroup --vnet-name MyVnetOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The subnet name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The virtual network (VNet) name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vnet subnet list
List the subnets in a virtual network.
az network vnet subnet list --resource-group
--vnet-name
[--max-items]
[--next-token]Examples
List the subnets in a virtual network.
az network vnet subnet list -g MyResourceGroup --vnet-name MyVNetRequired Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The virtual network (VNet) name.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vnet subnet list-available-delegations
List the services available for subnet delegation.
az network vnet subnet list-available-delegations [--location]
[--max-items]
[--next-token]
[--resource-group]Examples
Retrieve the service names for available delegations in the West US region.
az network vnet subnet list-available-delegations -l westus --query [].serviceNameList the services available for subnet delegation. (autogenerated)
az network vnet subnet list-available-delegations --resource-group MyResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>. When not specified, the location of the resource group will be used.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vnet subnet list-available-ips
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
List some available ips in the subnet.
az network vnet subnet list-available-ips [--ids]
[--name]
[--resource-group]
[--subscription]
[--vnet-name]Examples
List some available ips in the subnet.
az network vnet subnet list-available-ips --resource-group MyResourceGroup --vnet-name MyVNet -n MySubnetOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The subnet name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The virtual network (VNet) name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vnet subnet show
Show details of a subnet.
az network vnet subnet show [--expand]
[--ids]
[--name]
[--resource-group]
[--subscription]
[--vnet-name]Examples
Show the details of a subnet associated with a virtual network.
az network vnet subnet show -g MyResourceGroup -n MySubnet --vnet-name MyVNetOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Expands referenced resources. Default value is None.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The subnet name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The virtual network (VNet) name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vnet subnet update
Update a subnet.
az network vnet subnet update [--add]
[--address-prefixes]
[--default-outbound --default-outbound-access {0, 1, f, false, n, no, t, true, y, yes}]
[--delegations]
[--disable-private-endpoint-network-policies {0, 1, f, false, n, no, t, true, y, yes}]
[--disable-private-link-service-network-policies {0, 1, f, false, n, no, t, true, y, yes}]
[--endpoints]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--ipam-allocations --ipam-pool-prefix-allocations]
[--name]
[--nat-gateway]
[--network-security-group --nsg]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--ple-network-policies --private-endpoint-network-policies {Disabled, Enabled, NetworkSecurityGroupEnabled, RouteTableEnabled}]
[--pls-network-policies --private-link-service-network-policies {Disabled, Enabled}]
[--remove]
[--resource-group]
[--route-table]
[--service-endpoint-policy]
[--service-endpoints]
[--set]
[--sharing-scope {DelegatedServices, Tenant}]
[--subscription]
[--vnet-name]Examples
Associate a network security group to a subnet.
az network vnet subnet update -g MyResourceGroup -n MySubnet --vnet-name MyVNet --network-security-group MyNsgUpdate subnet with NAT gateway.
az network vnet subnet update -n MySubnet --vnet-name MyVnet -g MyResourceGroup --nat-gateway MyNatGateway --address-prefixes "10.0.0.0/21"Disable the private endpoint network policies.
az network vnet subnet update -n MySubnet --vnet-name MyVnet -g MyResourceGroup --private-endpoint-network-policies DisabledDetach a network security group in a subnet.
az network vnet subnet update -g MyResourceGroup --vnet-name MyVNet -n MySubnet --nsg nullOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Space-separated list of address prefixes in CIDR format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Set this property to false to disable default outbound connectivity for all VMs in the subnet.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of services to whom the subnet should be delegated, e.g., Microsoft.Sql/servers. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Disable private endpoint network policies on the subnet. Please note that it will be replaced by --private-endpoint-network-policies soon.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Disable private link service network policies on the subnet. Please note that it will be replaced by --private-link-service-network-policies soon.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
An array of service endpoints. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
A list of IPAM Pools for allocating IP address prefixes. A list of IPAM Pools allocating IP address prefixes. If a non-empty value is provided, --address-prefixes would be ignored by CLI. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The subnet name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of a NAT gateway to attach. Use null to detach it.
Name or ID of a network security group (NSG). Use null to detach it.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Manage network policy for private endpoint.
| Property | Value |
|---|---|
| Accepted values: | Disabled, Enabled, NetworkSecurityGroupEnabled, RouteTableEnabled |
Manage network policy for private link service.
| Property | Value |
|---|---|
| Accepted values: | Disabled, Enabled |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of a route table to associate with the subnet. Use null to detach it.
Space-separated list of names or IDs of service endpoint policies to apply. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of services allowed private access to this subnet. Values from: az network vnet list-endpoint-services. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty.
| Property | Value |
|---|---|
| Accepted values: | DelegatedServices, Tenant |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The virtual network (VNet) name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vnet subnet wait
Place the CLI in a waiting state until a condition is met.
az network vnet subnet wait [--created]
[--custom]
[--deleted]
[--exists]
[--expand]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]
[--vnet-name]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Expands referenced resources. Default value is None.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
The subnet name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
The virtual network (VNet) name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
