az network vnet subnet

Manage subnets in an Azure Virtual Network.

To learn more about subnets visit https://docs.microsoft.com/azure/virtual-network/virtual-network-manage-subnet.

Commands

Name Description Type Status
az network vnet subnet create

Create a subnet and associate an existing NSG and route table.

Core GA
az network vnet subnet delete

Delete a subnet.

Core GA
az network vnet subnet list

List the subnets in a virtual network.

Core GA
az network vnet subnet list-available-delegations

List the services available for subnet delegation.

Core GA
az network vnet subnet list-available-ips

List some available ips in the subnet.

Core Preview
az network vnet subnet show

Show details of a subnet.

Core GA
az network vnet subnet update

Update a subnet.

Core GA
az network vnet subnet wait

Place the CLI in a waiting state until a condition is met.

Core GA

az network vnet subnet create

Create a subnet and associate an existing NSG and route table.

az network vnet subnet create --name
                              --resource-group
                              --vnet-name
                              [--address-prefixes]
                              [--default-outbound {0, 1, f, false, n, no, t, true, y, yes}]
                              [--delegations]
                              [--disable-private-endpoint-network-policies {0, 1, f, false, n, no, t, true, y, yes}]
                              [--disable-private-link-service-network-policies {0, 1, f, false, n, no, t, true, y, yes}]
                              [--nat-gateway]
                              [--network-security-group]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--ple-network-policies {Disabled, Enabled, NetworkSecurityGroupEnabled, RouteTableEnabled}]
                              [--pls-network-policies {Disabled, Enabled}]
                              [--route-table]
                              [--service-endpoint-policy]
                              [--service-endpoints]

Examples

Create new subnet attached to an NSG with a custom route table.

az network vnet subnet create -g MyResourceGroup --vnet-name MyVnet -n MySubnet --address-prefixes 10.0.0.0/24 --network-security-group MyNsg --route-table MyRouteTable

Create new subnet attached to a NAT gateway.

az network vnet subnet create -n MySubnet --vnet-name MyVnet -g MyResourceGroup --nat-gateway MyNatGateway --address-prefixes "10.0.0.0/21"

Required Parameters

--name -n

The subnet name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-name

The virtual network (VNet) name.

Optional Parameters

--address-prefixes

Space-separated list of address prefixes in CIDR format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--default-outbound --default-outbound-access

Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--delegations

Space-separated list of services to whom the subnet should be delegated, e.g., Microsoft.Sql/servers. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--disable-private-endpoint-network-policies

Disable private endpoint network policies on the subnet. Please note that it will be replaced by --private-endpoint-network-policies soon.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--disable-private-link-service-network-policies

Disable private link service network policies on the subnet. Please note that it will be replaced by --private-link-service-network-policies soon.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--nat-gateway

Name or ID of a NAT gateway to attach.

--network-security-group --nsg

Name or ID of a network security group (NSG).

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ple-network-policies --private-endpoint-network-policies

Manage network policies for private endpoint.

accepted values: Disabled, Enabled, NetworkSecurityGroupEnabled, RouteTableEnabled
default value: Disabled
--pls-network-policies --private-link-service-network-policies

Manage network policy for private link service.

accepted values: Disabled, Enabled
default value: Enabled
--route-table

Name or ID of a route table to associate with the subnet.

--service-endpoint-policy

Space-separated list of names or IDs of service endpoint policies to apply. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--service-endpoints

Space-separated list of services allowed private access to this subnet. Values from: az network vnet list-endpoint-services. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet subnet delete

Delete a subnet.

az network vnet subnet delete [--ids]
                              [--name]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--resource-group]
                              [--subscription]
                              [--vnet-name]

Examples

Delete a subnet.

az network vnet subnet delete --name MySubnet --resource-group MyResourceGroup --vnet-name MyVnet

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The subnet name.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet subnet list

List the subnets in a virtual network.

az network vnet subnet list --resource-group
                            --vnet-name
                            [--max-items]
                            [--next-token]

Examples

List the subnets in a virtual network.

az network vnet subnet list -g MyResourceGroup --vnet-name MyVNet

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-name

The virtual network (VNet) name.

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet subnet list-available-delegations

List the services available for subnet delegation.

az network vnet subnet list-available-delegations [--location]
                                                  [--max-items]
                                                  [--next-token]
                                                  [--resource-group]

Examples

Retrieve the service names for available delegations in the West US region.

az network vnet subnet list-available-delegations -l westus --query [].serviceName

List the services available for subnet delegation. (autogenerated)

az network vnet subnet list-available-delegations --resource-group MyResourceGroup

Optional Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>. When not specified, the location of the resource group will be used.

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet subnet list-available-ips

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List some available ips in the subnet.

az network vnet subnet list-available-ips [--ids]
                                          [--name]
                                          [--resource-group]
                                          [--subscription]
                                          [--vnet-name]

Examples

List some available ips in the subnet.

az network vnet subnet list-available-ips --resource-group MyResourceGroup --vnet-name MyVNet -n MySubnet

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The subnet name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet subnet show

Show details of a subnet.

az network vnet subnet show [--expand]
                            [--ids]
                            [--name]
                            [--resource-group]
                            [--subscription]
                            [--vnet-name]

Examples

Show the details of a subnet associated with a virtual network.

az network vnet subnet show -g MyResourceGroup -n MySubnet --vnet-name MyVNet

Optional Parameters

--expand

Expands referenced resources. Default value is None.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The subnet name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet subnet update

Update a subnet.

az network vnet subnet update [--add]
                              [--address-prefixes]
                              [--default-outbound {0, 1, f, false, n, no, t, true, y, yes}]
                              [--delegations]
                              [--disable-private-endpoint-network-policies {0, 1, f, false, n, no, t, true, y, yes}]
                              [--disable-private-link-service-network-policies {0, 1, f, false, n, no, t, true, y, yes}]
                              [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                              [--ids]
                              [--name]
                              [--nat-gateway]
                              [--network-security-group]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--ple-network-policies {Disabled, Enabled, NetworkSecurityGroupEnabled, RouteTableEnabled}]
                              [--pls-network-policies {Disabled, Enabled}]
                              [--remove]
                              [--resource-group]
                              [--route-table]
                              [--service-endpoint-policy]
                              [--service-endpoints]
                              [--set]
                              [--subscription]
                              [--vnet-name]

Examples

Associate a network security group to a subnet.

az network vnet subnet update -g MyResourceGroup -n MySubnet --vnet-name MyVNet --network-security-group MyNsg

Update subnet with NAT gateway.

az network vnet subnet update -n MySubnet --vnet-name MyVnet -g MyResourceGroup --nat-gateway MyNatGateway --address-prefixes "10.0.0.0/21"

Disable the private endpoint network policies.

az network vnet subnet update -n MySubnet --vnet-name MyVnet -g MyResourceGroup --private-endpoint-network-policies Disabled

Detach a network security group in a subnet.

az network vnet subnet update -g MyResourceGroup --vnet-name MyVNet -n MySubnet --nsg null

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--address-prefixes

Space-separated list of address prefixes in CIDR format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--default-outbound --default-outbound-access

Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--delegations

Space-separated list of services to whom the subnet should be delegated, e.g., Microsoft.Sql/servers. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--disable-private-endpoint-network-policies

Disable private endpoint network policies on the subnet. Please note that it will be replaced by --private-endpoint-network-policies soon.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--disable-private-link-service-network-policies

Disable private link service network policies on the subnet. Please note that it will be replaced by --private-link-service-network-policies soon.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The subnet name.

--nat-gateway

Name or ID of a NAT gateway to attach. Use null to detach it.

--network-security-group --nsg

Name or ID of a network security group (NSG). Use null to detach it.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ple-network-policies --private-endpoint-network-policies

Manage network policy for private endpoint.

accepted values: Disabled, Enabled, NetworkSecurityGroupEnabled, RouteTableEnabled
--pls-network-policies --private-link-service-network-policies

Manage network policy for private link service.

accepted values: Disabled, Enabled
--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--route-table

Name or ID of a route table to associate with the subnet. Use null to detach it.

--service-endpoint-policy

Space-separated list of names or IDs of service endpoint policies to apply. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--service-endpoints

Space-separated list of services allowed private access to this subnet. Values from: az network vnet list-endpoint-services. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet subnet wait

Place the CLI in a waiting state until a condition is met.

az network vnet subnet wait [--created]
                            [--custom]
                            [--deleted]
                            [--exists]
                            [--expand]
                            [--ids]
                            [--interval]
                            [--name]
                            [--resource-group]
                            [--subscription]
                            [--timeout]
                            [--updated]
                            [--vnet-name]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

default value: False
--exists

Wait until the resource exists.

default value: False
--expand

Expands referenced resources. Default value is None.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30
--name -n

The subnet name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

default value: False
--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.