Create a Subnet in an Azure Virtual Network

This guide provides step-by-step instructions on how to create a new subnet within an existing Azure Virtual Network (VNet) using the Azure portal, Azure CLI, and Azure PowerShell.

Important: Once a subnet is created, you cannot resize it. If you need to change the subnet size, you will need to delete and recreate the subnet.

Prerequisites

An existing Azure Virtual Network. If you don't have one, you can create a VNet first.
Appropriate permissions to manage virtual networks in your Azure subscription.

Method 1: Using the Azure Portal

Sign in to the Azure portal: Go to https://portal.azure.com/ and sign in with your Azure account.
Navigate to your Virtual Network: Search for "Virtual networks" in the search bar at the top and select "Virtual networks" from the results. Click on the name of the virtual network you want to add a subnet to.
Access Subnets: In the virtual network's overview page, select Subnets from the left-hand menu under "Settings".
Add Subnet: Click the + Subnet button at the top of the subnets list.
Configure Subnet Details:
- Name: Enter a unique name for your subnet (e.g., WebServersSubnet, AppTierSubnet).
- Address range: Specify a valid IPv4 address range in CIDR notation that is a subset of the VNet's address space (e.g., 10.0.2.0/24). Ensure this range does not overlap with existing subnets.
- Network Security Group: (Optional) Choose an existing Network Security Group (NSG) or create a new one to apply network security rules. Select "None" if you don't want to associate an NSG at this time.
- Route Table: (Optional) Choose an existing route table or create a new one for custom routing. Select "None" if you don't want to associate a route table.
- Service endpoints: (Optional) Enable service endpoints for specific Azure services if needed.
- Private endpoints: (Optional) Configure private endpoint connections.
- Enable DDoS protection: (Optional) Enable Azure DDoS Protection Standard for enhanced protection.
- Enable subnet private link service: (Optional) Enable for private link service.
Save: Click the Save button at the bottom to create the subnet.

IP Address Allocation: Azure reserves the first four IP addresses and the last IP address in each subnet for protocol conformance. For example, in a subnet with the 10.0.2.0/24 address range, the first usable IP address is 10.0.2.4 and the last is 10.0.2.254.

Method 2: Using Azure CLI

Follow these steps to create a subnet using the Azure Command-Line Interface.

Install and configure Azure CLI: Ensure you have Azure CLI installed and are logged in to your Azure account using az login.
Create the subnet: Use the following command, replacing the placeholders with your actual values:

az network vnet subnet create \
  --resource-group <your-resource-group-name> \
  --vnet-name <your-vnet-name> \
  --name <your-subnet-name> \
  --address-prefixes <your-subnet-address-range> \
  --network-security-group <your-nsg-name-optional> \
  --route-table <your-route-table-name-optional>

Example:

az network vnet subnet create \
  --resource-group MyResourceGroup \
  --vnet-name MyVNet \
  --name WebServersSubnet \
  --address-prefixes 10.0.2.0/24

Method 3: Using Azure PowerShell

Follow these steps to create a subnet using Azure PowerShell.

Install and configure Azure PowerShell: Ensure you have the Azure PowerShell module installed and are connected to your Azure account using Connect-AzAccount.
Retrieve the virtual network object:


$vnet = Get-AzVirtualNetwork -ResourceGroupName "<your-resource-group-name>" -Name "<your-vnet-name>"

Define the subnet configuration:


$subnet = New-AzVirtualNetworkSubnetConfig -Name "<your-subnet-name>" -AddressPrefix "<your-subnet-address-range>"

Add the subnet to the virtual network and update:


$vnet | Add-AzVirtualNetworkSubnetConfig -Name $subnet.Name -AddressPrefix $subnet.AddressPrefix
$vnet | Set-AzVirtualNetwork