| title | titleSuffix | description | services | ms.date | ms.author | author | ms.service | ms.subservice | ms.topic | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|
Assign multiple IP addresses to VMs - Azure PowerShell |
Azure Virtual Network |
Learn how to create a virtual machine with multiple IP addresses using Azure PowerShell. |
virtual-network |
08/24/2023 |
mbender |
mbender-ms |
azure-virtual-network |
ip-services |
how-to |
template-how-to, engagement-fy23, devx-track-azurepowershell |
An Azure Virtual Machine (VM) has one or more network interfaces (NIC) attached to it. Any NIC can have one or more static or dynamic public and private IP addresses assigned to it.
Assigning multiple IP addresses to a VM enables the following capabilities:
-
Hosting multiple websites or services with different IP addresses and TLS/SSL certificates on a single server.
-
Serve as a network virtual appliance, such as a firewall or load balancer.
-
The ability to add any of the private IP addresses for any of the NICs to an Azure Load Balancer back-end pool. In the past, only the primary IP address for the primary NIC could be added to a back-end pool. For more information about load balancing multiple IP configurations, see Load balancing multiple IP configurations.
Every NIC attached to a VM has one or more IP configurations associated to it. Each configuration is assigned one static or dynamic private IP address. Each configuration may also have one public IP address resource associated to it. To learn more about IP addresses in Azure, see IP addresses in Azure.
Note
All IP configurations on a single NIC must be associated to the same subnet. If multiple IPs on different subnets are desired, multiple NICs on a VM can be used. To learn more about multiple NICs on a VM in Azure, see Create VM with Multiple NICs.
There's a limit to how many private IP addresses can be assigned to a NIC. There's also a limit to how many public IP addresses that can be used in an Azure subscription. See the Azure limits article for details.
This article explains how to add multiple IP addresses to a virtual machine using PowerShell.
-
An Azure account with an active subscription. Create an account for free.
-
PowerShell environment in Azure Cloud Shell or Azure PowerShell installed locally. To learn more about using PowerShell in Azure Cloud Shell, see Azure Cloud Shell Quickstart.
- If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run
Get-InstalledModule -Name Azto find the installed version. If you need to upgrade, see Install Azure PowerShell module. Ensure your Az.Network module is 4.3.0 or later. To verify the installed module, use the commandGet-InstalledModule -Name "Az.Network". If the module requires an update, use the commandUpdate-Module -Name "Az.Network"if necessary.
- If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run
-
Sign in to Azure PowerShell and ensure you've selected the subscription with which you want to use this feature. For more information, see Sign in with Azure PowerShell.
Note
Though the steps in this article assigns all IP configurations to a single NIC, you can also assign multiple IP configurations to any NIC in a multi-NIC VM. To learn how to create a VM with multiple NICs, see Create a VM with multiple NICs.
:::image type="content" source="./media/virtual-network-multiple-ip-addresses-portal/multiple-ipconfigs.png" alt-text="Diagram of network configuration resources created in How-to article.":::
Figure: Diagram of network configuration resources created in this How-to article.
An Azure resource group is a logical container into which Azure resources are deployed and managed.
Create a resource group with New-AzResourceGroup named myResourceGroup in the eastus2 location.
$rg =@{
Name = 'myResourceGroup'
Location = 'eastus2'
}
New-AzResourceGroup @rg
In this section, you create a virtual network for the virtual machine.
Use New-AzVirtualNetwork and New-AzVirtualNetworkSubnetConfig to create a virtual network with one subnet.
## Create backend subnet config ##
$subnet = @{
Name = 'myBackendSubnet'
AddressPrefix = '10.1.0.0/24'
}
$subnetConfig = New-AzVirtualNetworkSubnetConfig @subnet
## Create the virtual network ##
$vnet = @{
Name = 'myVNet'
ResourceGroupName = 'myResourceGroup'
Location = 'eastus2'
AddressPrefix = '10.1.0.0/16'
Subnet = $subnetConfig
}
New-AzVirtualNetwork @vnet
Use New-AzPublicIpAddress to create a primary public IP address.
$ip1 = @{
Name = 'myPublicIP-1'
ResourceGroupName = 'myResourceGroup'
Location = 'eastus2'
Sku = 'Standard'
AllocationMethod = 'Static'
IpAddressVersion = 'IPv4'
Zone = 1,2,3
}
New-AzPublicIpAddress @ip1
In this section, you create a network security group for the virtual machine and virtual network. You create a rule to allow connections to the virtual machine on port 22 for SSH.
Use New-AzNetworkSecurityGroup and New-AzNetworkSecurityRuleConfig to create the network security group and rules.
## Create rule for network security group and place in variable. ##
$nsgrule1 = @{
Name = 'myNSGRuleSSH'
Description = 'Allow SSH'
Protocol = '*'
SourcePortRange = '*'
DestinationPortRange = '22'
SourceAddressPrefix = 'Internet'
DestinationAddressPrefix = '*'
Access = 'Allow'
Priority = '200'
Direction = 'Inbound'
}
$rule1 = New-AzNetworkSecurityRuleConfig @nsgrule1
## Create network security group ##
$nsg = @{
Name = 'myNSG'
ResourceGroupName = 'myResourceGroup'
Location = 'eastus2'
SecurityRules = $rule1
}
New-AzNetworkSecurityGroup @nsg
Use New-AzNetworkInterface and New-AzNetworkInterfaceIpConfig to create a network interface (NIC) for the virtual machine. The public IP address and network security group created previously are associated with the network interface. The network interface is attached to the virtual network you created previously.
## Place the virtual network into a variable. ##
$net = @{
Name = 'myVNet'
ResourceGroupName = 'myResourceGroup'
}
$vnet = Get-AzVirtualNetwork @net
## Place the network security group into a variable. ##
$ns = @{
Name = 'myNSG'
ResourceGroupName = 'myResourceGroup'
}
$nsg = Get-AzNetworkSecurityGroup @ns
## Place the primary public IP address into a variable. ##
$pub1 = @{
Name = 'myPublicIP-1'
ResourceGroupName = 'myResourceGroup'
}
$pubIP1 = Get-AzPublicIPAddress @pub1
## Create a primary IP configuration for the network interface. ##
$IP1 = @{
Name = 'ipconfig1'
Subnet = $vnet.Subnets[0]
PrivateIpAddressVersion = 'IPv4'
PublicIPAddress = $pubIP1
}
$IP1Config = New-AzNetworkInterfaceIpConfig @IP1 -Primary
## Create a secondary IP configuration for the network interface. ##
$IP3 = @{
Name = 'ipconfig3'
Subnet = $vnet.Subnets[0]
PrivateIpAddressVersion = 'IPv4'
PrivateIpAddress = '10.1.0.6'
}
$IP3Config = New-AzNetworkInterfaceIpConfig @IP3
## Command to create a network interface. ##
$nic = @{
Name = 'myNIC1'
ResourceGroupName = 'myResourceGroup'
Location = 'eastus2'
NetworkSecurityGroup = $nsg
IpConfiguration = $IP1Config,$IP3Config
}
New-AzNetworkInterface @nic
Note
When adding a static IP address, you must specify an unused, valid address on the subnet the NIC is connected to.
Use the following commands to create the virtual machine:
$cred = Get-Credential
## Place network interface into a variable. ##
$nic = @{
Name = 'myNIC1'
ResourceGroupName = 'myResourceGroup'
}
$nicVM = Get-AzNetworkInterface @nic
## Create a virtual machine configuration for VMs ##
$vmsz = @{
VMName = 'myVM'
VMSize = 'Standard_DS1_v2'
}
$vmos = @{
ComputerName = 'myVM'
Credential = $cred
}
$vmimage = @{
PublisherName = 'Debian'
Offer = 'debian-11'
Skus = '11'
Version = 'latest'
}
$vmConfig = New-AzVMConfig @vmsz `
| Set-AzVMOperatingSystem @vmos -Linux `
| Set-AzVMSourceImage @vmimage `
| Add-AzVMNetworkInterface -Id $nicVM.Id
## Create the virtual machine for VMs ##
$vm = @{
ResourceGroupName = 'myResourceGroup'
Location = 'eastus2'
VM = $vmConfig
SshKeyName = 'mySSHKey'
}
New-AzVM @vm -GenerateSshKey
Use New-AzPublicIpAddress to create a secondary public IP address.
$ip2 = @{
Name = 'myPublicIP-2'
ResourceGroupName = 'myResourceGroup'
Location = 'eastus2'
Sku = 'Standard'
AllocationMethod = 'Static'
IpAddressVersion = 'IPv4'
Zone = 1,2,3
}
New-AzPublicIpAddress @ip2
Use New-AzNetworkInterfaceIpConfig to create the secondary IP configuration for the virtual machine.
## Place the virtual network into a variable. ##
$net = @{
Name = 'myVNet'
ResourceGroupName = 'myResourceGroup'
}
$vnet = Get-AzVirtualNetwork @net
## Place your virtual network subnet into a variable. ##
$sub = @{
Name = 'myBackendSubnet'
VirtualNetwork = $vnet
}
$subnet = Get-AzVirtualNetworkSubnetConfig @sub
## Place the secondary public IP address you created previously into a variable. ##
$pip = @{
Name = 'myPublicIP-2'
ResourceGroupName = 'myResourceGroup'
}
$pubIP2 = Get-AzPublicIPAddress @pip
## Place the network interface into a variable. ##
$net = @{
Name = 'myNIC1'
ResourceGroupName = 'myResourceGroup'
}
$nic = Get-AzNetworkInterface @net
## Create a secondary IP configuration for the network interface. ##
$IPc2 = @{
Name = 'ipconfig2'
Subnet = $vnet.Subnets[0]
PrivateIpAddressVersion = 'IPv4'
PrivateIpAddress = '10.1.0.5'
PublicIPAddress = $pubIP2
}
$IP2Config = New-AzNetworkInterfaceIpConfig @IPc2
## Add the IP configuration to the network interface. ##
$nic.IpConfigurations.Add($IP2Config)
## Save the configuration to the network interface. ##
$nic | Set-AzNetworkInterface
[!INCLUDE virtual-network-multiple-ip-addresses-os-config.md]
- Learn more about public IP addresses in Azure.
- Learn more about private IP addresses in Azure.
- Learn how to Configure IP addresses for an Azure network interface.