Share via


az network vnet peering

Manage peering connections between Azure Virtual Networks.

To learn more about virtual network peering visit https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering.

Commands

Name Description Type Status
az network vnet peering create

Create a virtual network peering connection.

Core GA
az network vnet peering delete

Delete a peering.

Core GA
az network vnet peering list

List peerings.

Core GA
az network vnet peering show

Show details of a peering.

Core GA
az network vnet peering sync

Sync a virtual network peering connection.

Core GA
az network vnet peering update

Update a peering in the specified virtual network.

Core GA
az network vnet peering wait

Place the CLI in a waiting state until a condition is met.

Core GA

az network vnet peering create

Create a virtual network peering connection.

To successfully peer two virtual networks this command must be called twice with the values for --vnet-name and --remote-vnet reversed.

az network vnet peering create --name
                               --remote-vnet
                               --resource-group
                               --vnet-name
                               [--allow-forwarded-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--allow-gateway-transit {0, 1, f, false, n, no, t, true, y, yes}]
                               [--allow-vnet-access {0, 1, f, false, n, no, t, true, y, yes}]
                               [--enable-only-ipv6 {0, 1, f, false, n, no, t, true, y, yes}]
                               [--local-subnet-names]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--peer-complete-vnets {0, 1, f, false, n, no, t, true, y, yes}]
                               [--remote-subnet-names]
                               [--use-remote-gateways {0, 1, f, false, n, no, t, true, y, yes}]

Examples

Create a peering connection between two virtual networks.

az network vnet peering create -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1 --remote-vnet MyVnet2Id --allow-vnet-access

Required Parameters

--name -n

The name of the VNet peering.

--remote-vnet

Name or ID of the remote VNet.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-name

The virtual network (VNet) name.

Optional Parameters

--allow-forwarded-traffic

Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Default value: False
--allow-gateway-transit

If gateway links can be used in remote virtual networking to link to this virtual network.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Default value: False
--allow-vnet-access

Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Default value: False
--enable-only-ipv6

Whether only Ipv6 address space is peered for subnet peering.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--local-subnet-names

List of local subnet names that are subnet peered with remote virtual network. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--peer-complete-vnets

Whether complete virtual network address space is peered.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Default value: True
--remote-subnet-names

List of remote subnet names from remote virtual network that are subnet peered. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--use-remote-gateways

Allows VNet to use the remote VNet's gateway. Remote VNet gateway must have --allow-gateway-transit enabled for remote peering. Only 1 peering can have this flag enabled. Cannot be set if the VNet already has a gateway.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet peering delete

Delete a peering.

az network vnet peering delete [--ids]
                               [--name]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--resource-group]
                               [--subscription]
                               [--vnet-name]

Examples

Delete a virtual network peering connection.

az network vnet peering delete -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the VNet peering.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet peering list

List peerings.

az network vnet peering list --resource-group
                             --vnet-name
                             [--max-items]
                             [--next-token]

Examples

List all peerings of a specified virtual network.

az network vnet peering list -g MyResourceGroup --vnet-name MyVnet1

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-name

The virtual network (VNet) name.

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet peering show

Show details of a peering.

az network vnet peering show [--ids]
                             [--name]
                             [--resource-group]
                             [--subscription]
                             [--vnet-name]

Examples

Show all details of the specified virtual network peering.

az network vnet peering show -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the VNet peering.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet peering sync

Sync a virtual network peering connection.

az network vnet peering sync [--ids]
                             [--name]
                             [--resource-group]
                             [--subscription]
                             [--vnet-name]

Examples

Sync a peering connection.

az network vnet peering sync -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the VNet peering.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet peering update

Update a peering in the specified virtual network.

az network vnet peering update [--add]
                               [--allow-forwarded-traffic {0, 1, f, false, n, no, t, true, y, yes}]
                               [--allow-gateway-transit {0, 1, f, false, n, no, t, true, y, yes}]
                               [--allow-vnet-access {0, 1, f, false, n, no, t, true, y, yes}]
                               [--enable-only-ipv6 {0, 1, f, false, n, no, t, true, y, yes}]
                               [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                               [--ids]
                               [--local-subnet-names]
                               [--name]
                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                               [--peer-complete-vnets {0, 1, f, false, n, no, t, true, y, yes}]
                               [--remote-subnet-names]
                               [--remote-vnet]
                               [--remove]
                               [--resource-group]
                               [--set]
                               [--subscription]
                               [--sync-remote {true}]
                               [--use-remote-gateways {0, 1, f, false, n, no, t, true, y, yes}]
                               [--vnet-name]

Examples

Change forwarded traffic configuration of a virtual network peering.

az network vnet peering update -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1 --set allowForwardedTraffic=true

Change virtual network access of a virtual network peering.

az network vnet peering update -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1 --set allowVirtualNetworkAccess=true

Change gateway transit property configuration of a virtual network peering.

az network vnet peering update -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1 --set allowGatewayTransit=true

Use remote gateways in virtual network peering.

az network vnet peering update -g MyResourceGroup -n MyVnet1ToMyVnet2 --vnet-name MyVnet1 --set useRemoteGateways=true

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--allow-forwarded-traffic

Allows forwarded traffic from the local VNet to the remote VNet.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--allow-gateway-transit

Allows gateway link to be used in the remote VNet.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--allow-vnet-access

Allows access from the local VNet to the remote VNet.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-only-ipv6

Whether only Ipv6 address space is peered for subnet peering.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--local-subnet-names

List of local subnet names that are subnet peered with remote virtual network. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--name -n

The name of the VNet peering.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--peer-complete-vnets

Whether complete virtual network address space is peered.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--remote-subnet-names

List of remote subnet names from remote virtual network that are subnet peered. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remote-vnet

Name or ID of the remote VNet.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--sync-remote

Parameter indicates the intention to sync the peering with the current address space on the remote vNet after it's updated.

Accepted values: true
--use-remote-gateways

Allows VNet to use the remote VNet's gateway. Remote VNet gateway must have --allow-gateway-transit enabled for remote peering. Only 1 peering can have this flag enabled. Cannot be set if the VNet already has a gateway.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vnet peering wait

Place the CLI in a waiting state until a condition is met.

az network vnet peering wait [--created]
                             [--custom]
                             [--deleted]
                             [--exists]
                             [--ids]
                             [--interval]
                             [--name]
                             [--resource-group]
                             [--subscription]
                             [--timeout]
                             [--updated]
                             [--vnet-name]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--name -n

The name of the VNet peering.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
--vnet-name

The virtual network (VNet) name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.