将公共 IP 地址关联到虚拟机Associate a public IP address to a virtual machine

本文介绍如何将公共 IP 地址关联到现有的虚拟机 (VM)。In this article, you learn how to associate a public IP address to an existing virtual machine (VM). 若要从 Internet 连接到某个 VM,该 VM 必须有关联的公共 IP 地址。If you want to connect to a VM from the internet, the VM must have a public IP address associated to it. 若要使用公共 IP 地址创建新的 VM,可以使用 Azure 门户Azure 命令行接口 (CLI)PowerShell 来完成此操作。If you want to create a new VM with a public IP address, you can do so using the Azure portal, the Azure command-line interface (CLI), or PowerShell. 公共 IP 地址会产生少许费用。Public IP addresses have a nominal fee. 有关详细信息,请参阅定价For details, see pricing. 可为每个订阅使用的公共 IP 地址数有限制。There is a limit to the number of public IP addresses that you can use per subscription. 有关详细信息,请参阅限制For details, see limits.

可以使用 Azure 门户、Azure 命令行接口 (CLI) 或 PowerShell 将公共 IP 地址关联到 VM。You can use the Azure portal, the Azure command-line interface (CLI), or PowerShell to associate a public IP address to a VM.

Azure 门户Azure portal

  1. 登录到 Azure 门户Sign in to the Azure portal.

  2. 浏览或搜索要将公共 IP 地址添加到的虚拟机,然后将其选中。Browse to, or search for the virtual machine that you want to add the public IP address to and then select it.

  3. 在“设置”下选择“网络”,然后选择要将公共 IP 地址添加到的网络接口,如下图所示: Under Settings, select Networking, and then select the network interface you want to add the public IP address to, as shown in the following picture:

    选择网络接口

    备注

    公共 IP 地址将关联到 VM 上附加的网络接口。Public IP addresses are associated to network interfaces attached to a VM. 上图中的 VM 只有一个网络接口。In the previous picture, the VM only has one network interface. 如果 VM 有多个网络接口,它们都会显示,你需要选择要将公共 IP 地址关联到的网络接口。If the VM had multiple network interfaces, they would all appear, and you'd select the network interface you want to associate the public IP address to.

  4. 选择“IP 配置”,然后选择一种 IP 配置,如下图所示: Select IP configurations and then select an IP configuration, as shown in the following picture:

    选择 IP 配置

    备注

    公共 IP 地址将关联到网络接口的 IP 配置。Public IP addresses are associated to IP configurations for a network interface. 上图中的网络接口只有一种 IP 配置。In the previous picture, the network interface has one IP configuration. 如果网络接口有多种 IP 配置,它们都会出现在列表中,你需要选择要将公共 IP 地址关联到的 IP 配置。If the network interface had multiple IP configurations, they would all appear in the list, and you'd select the IP configuration that you want to associate the public IP address to.

  5. 依次选择“已启用”、“IP 地址(配置所需的设置)”。 Select Enabled, then select IP address (Configure required settings). 选择一个现有的公共 IP 地址,此时会自动关闭“选择公共 IP 地址”框。 Choose an existing public IP address, which automatically closes the Choose public IP address box. 如果未列出任何可用的公共 IP 地址,则需要创建一个。If you don't have any available public IP addresses listed, you need to create one. 若要了解如何创建,请参阅创建公共 IP 地址To learn how, see Create a public IP address. 如下图所示选择“保存”,然后关闭 IP 配置框。 Select Save, as shown in the picture that follows, and then close the box for the IP configuration.

    启用公共 IP 地址

    备注

    显示的公共 IP 地址是 VM 所在的同一区域中的 IP 地址。The public IP addresses that appear are those that exist in the same region as the VM. 如果在该区域中创建了多个公共 IP 地址时,所有 IP 地址都会显示在此处。If you have multiple public IP addresses created in the region, all will appear here. 如果有任何 IP 地址灰显,原因是该地址已关联到不同的资源。If any are grayed out, it's because the address is already associated to a different resource.

  6. 查看分配给 IP 配置的公共 IP 地址,如下图所示。View the public IP address assigned to the IP configuration, as shown in the picture that follows. IP 地址可能需要在几秒钟后才会显示。It may take a few seconds for an IP address to appear.

    查看分配的公共 IP 地址

    备注

    地址是从每个 Azure 区域中使用的地址池分配的。The address is assigned from a pool of addresses used in each Azure region. 若要查看每个区域中使用的地址池列表,请参阅 Azure 数据中心 IP 范围To see a list of address pools used in each region, see Azure Datacenter IP Ranges. 分配的地址可能是用于该区域的池中的任何地址。The address assigned can be any address in the pools used for the region. 如果需要从区域中的特定池分配地址,请使用公共 IP 前缀If you need the address to be assigned from a specific pool in the region, use a Public IP prefix.

  7. 使用网络安全组中的安全规则允许将网络流量发往 VMAllow network traffic to the VM with security rules in a network security group.

Azure CLIAzure CLI

在本地计算机上安装并使用 Azure CLIInstall and use the Azure CLI on your local computer.

  1. 如果在 Bash 本地使用 CLI,请使用 az login 登录到 Azure。If using the CLI locally in Bash, sign in to Azure with az login.

  2. 公共 IP 地址将关联到 VM 上附加的网络接口的 IP 配置。A public IP address is associated to an IP configuration of a network interface attached to a VM. 使用 az network nic-ip-config update 命令将公共 IP 地址关联到 IP 配置。Use the az network nic-ip-config update command to associate a public IP address to an IP configuration. 以下示例将现有公共 IP 地址 myVMPublicIP 关联到资源组 myResourceGroup 中现有网络接口 myVMVMNic 的 IP 配置 ipconfigmyVMThe following example associates an existing public IP address named myVMPublicIP to the IP configuration named ipconfigmyVM of an existing network interface named myVMVMNic that exists in a resource group named myResourceGroup.

    az network nic ip-config update \
     --name ipconfigmyVM \
     --nic-name myVMVMNic \
     --resource-group myResourceGroup \
     --public-ip-address myVMPublicIP
    
    • 如果没有现有的公共 IP 地址,请使用 az network public-ip create 命令创建一个。If you don't have an existing public IP address, use the az network public-ip create command to create one. 例如,以下命令在名为 myResourceGroup 的资源组中创建名为 myVMPublicIP 的公共 IP 地址。For example, the following command creates a public IP address named myVMPublicIP in a resource group named myResourceGroup.

      az network public-ip create --name myVMPublicIP --resource-group myResourceGroup
      

      备注

      以上命令使用你可能想要自定义的多个设置的默认值创建一个公共 IP 地址。The previous command creates a public IP address with default values for several settings that you may want to customize. 若要详细了解所有的公共 IP 地址设置,请参阅创建公共 IP 地址To learn more about all public IP address settings, see Create a public IP address. 地址是从每个 Azure 区域使用的公共 IP 地址池分配的。The address is assigned from a pool of public IP addresses used for each Azure region. 若要查看每个区域中使用的地址池列表,请参阅 Azure 数据中心 IP 范围To see a list of address pools used in each region, see Azure Datacenter IP Ranges.

    • 如果你不知道附加到 VM 的网络接口的名称,请使用 az vm nic list 命令查看名称。If you don't know the name of a network interface attached to your VM, use the az vm nic list command to view them. 例如,以下命令会列出附加到资源组 myResourceGroup 中 VM myVM 的网络接口的名称:For example, the following command lists the names of the network interfaces attached to a VM named myVM in a resource group named myResourceGroup:

      az vm nic list --vm-name myVM --resource-group myResourceGroup
      

      输出中包含类似于以下示例的一个或多个行:The output includes one or more lines that are similar to the following example:

      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/myVMVMNic",
      

      在以上示例中,myVMVMNic 是网络接口的名称。In the previous example, myVMVMNic is the name of the network interface.

    • 如果你不知道网络接口的 IP 配置的名称,请使用 az network nic ip-config list 命令检索名称。If you don't know the name of an IP configuration for a network interface, use the az network nic ip-config list command to retrieve them. 例如,以下命令会列出资源组 myResourceGroup 中网络接口 myVMVMNic 的 IP 配置的名称:For example, the following command lists the names of the IP configurations for a network interface named myVMVMNic in a resource group named myResourceGroup:

      az network nic ip-config list --nic-name myVMVMNic --resource-group myResourceGroup --out table
      
  3. 使用 az vm list-ip-addresses 命令查看分配到 IP 配置的公共 IP 地址。View the public IP address assigned to the IP configuration with the az vm list-ip-addresses command. 以下示例显示分配到资源组 myResourceGroup 中现有 VM myVM 的 IP 地址。The following example shows the IP addresses assigned to an existing VM named myVM in a resource group named myResourceGroup.

    az vm list-ip-addresses --name myVM --resource-group myResourceGroup --out table
    

    备注

    地址是从每个 Azure 区域中使用的地址池分配的。The address is assigned from a pool of addresses used in each Azure region. 若要查看每个区域中使用的地址池列表,请参阅 Azure 数据中心 IP 范围To see a list of address pools used in each region, see Azure Datacenter IP Ranges. 分配的地址可能是用于该区域的池中的任何地址。The address assigned can be any address in the pools used for the region. 如果需要从区域中的特定池分配地址,请使用公共 IP 前缀If you need the address to be assigned from a specific pool in the region, use a Public IP prefix.

  4. 使用网络安全组中的安全规则允许将网络流量发往 VMAllow network traffic to the VM with security rules in a network security group.

PowerShellPowerShell

在本地计算机上安装并使用 PowerShellInstall and use PowerShell on your local computer.

  1. 如果在本地使用 PowerShell,请使用 Connect-AzAccount -Environment AzureChinaCloud 登录到 Azure。If using PowerShell locally, sign in to Azure with Connect-AzAccount -Environment AzureChinaCloud.

  2. 公共 IP 地址将关联到 VM 上附加的网络接口的 IP 配置。A public IP address is associated to an IP configuration of a network interface attached to a VM. 使用 Get-AzVirtualNetworkGet-AzVirtualNetworkSubnetConfig 命令获取网络接口所在的虚拟网络和子网。Use the Get-AzVirtualNetwork and Get-AzVirtualNetworkSubnetConfig commands to get the virtual network and subnet that the network interface is in. 接下来,使用 Get-AzNetworkInterface 命令获取网络接口,并使用 Get-AzPublicIpAddress 命令获取现有的公共 IP 地址。Next, use the Get-AzNetworkInterface command to get a network interface and the Get-AzPublicIpAddress command to get an existing public IP address. 然后使用 Set-AzNetworkInterfaceIpConfig 命令将公共 IP 地址关联到 IP 配置,并使用 Set-AzNetworkInterface 命令将新 IP 配置写入到网络接口。Then use the Set-AzNetworkInterfaceIpConfig command to associate the public IP address to the IP configuration and the Set-AzNetworkInterface command to write the new IP configuration to the network interface.

    以下示例将现有公共 IP 地址 myVMPublicIP 关联到现有网络接口 myVMVMNic 的 IP 配置 ipconfigmyVM,该网络接口位于虚拟网络 myVMVNet 的子网 myVMSubnet 中。The following example associates an existing public IP address named myVMPublicIP to the IP configuration named ipconfigmyVM of an existing network interface named myVMVMNic that exists in a subnet named myVMSubnet in a virtual network named myVMVNet. 所有资源位于名为 myResourceGroup 的资源组中。All resources are in a resource group named myResourceGroup.

    $vnet = Get-AzVirtualNetwork -Name myVMVNet -ResourceGroupName myResourceGroup
    $subnet = Get-AzVirtualNetworkSubnetConfig -Name myVMSubnet -VirtualNetwork $vnet
    $nic = Get-AzNetworkInterface -Name myVMVMNic -ResourceGroupName myResourceGroup
    $pip = Get-AzPublicIpAddress -Name myVMPublicIP -ResourceGroupName myResourceGroup
    $nic | Set-AzNetworkInterfaceIpConfig -Name ipconfigmyVM -PublicIPAddress $pip -Subnet $subnet
    $nic | Set-AzNetworkInterface
    
    • 如果没有现有的公共 IP 地址,请使用 New-AzPublicIpAddress 命令创建一个。If you don't have an existing public IP address, use the New-AzPublicIpAddress command to create one. 例如,以下命令在 chinaeast 区域的名为 myResourceGroup 的资源组中,创建名为 myVMPublicIP 的动态公共 IP 地址。 For example, the following command creates a dynamic public IP address named myVMPublicIP in a resource group named myResourceGroup in the chinaeast region.

      New-AzPublicIpAddress -Name myVMPublicIP -ResourceGroupName myResourceGroup -AllocationMethod Dynamic -Location chinaeast
      

      备注

      以上命令使用你可能想要自定义的多个设置的默认值创建一个公共 IP 地址。The previous command creates a public IP address with default values for several settings that you may want to customize. 若要详细了解所有的公共 IP 地址设置,请参阅创建公共 IP 地址To learn more about all public IP address settings, see Create a public IP address. 地址是从每个 Azure 区域使用的公共 IP 地址池分配的。The address is assigned from a pool of public IP addresses used for each Azure region. 若要查看每个区域中使用的地址池列表,请参阅 Azure 数据中心 IP 范围To see a list of address pools used in each region, see Azure Datacenter IP Ranges.

    • 如果你不知道附加到 VM 的网络接口的名称,请使用 Get-AzVM 命令查看名称。If you don't know the name of a network interface attached to your VM, use the Get-AzVM command to view them. 例如,以下命令会列出附加到资源组 myResourceGroup 中 VM myVM 的网络接口的名称:For example, the following command lists the names of the network interfaces attached to a VM named myVM in a resource group named myResourceGroup:

      $vm = Get-AzVM -name myVM -ResourceGroupName myResourceGroup
      $vm.NetworkProfile
      

      输出中包含类似于以下示例的一个或多个行。The output includes one or more lines that are similar to the example that follows. 在示例输出中,myVMVMNic 是网络接口的名称。In the example output, myVMVMNic is the name of the network interface.

      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/myVMVMNic",
      
    • 如果你不知道网络接口所在的虚拟网络或子网的名称,请使用 Get-AzNetworkInterface 命令查看该信息。If you don't know the name of the virtual network or subnet that the network interface is in, use the Get-AzNetworkInterface command to view the information. 例如,以下命令获取名为 myResourceGroup 的资源组中名为 myVMVMNic 的网络接口的虚拟网络和子网信息:For example, the following command gets the virtual network and subnet information for a network interface named myVMVMNic in a resource group named myResourceGroup:

      $nic = Get-AzNetworkInterface -Name myVMVMNic -ResourceGroupName myResourceGroup
      $ipConfigs = $nic.IpConfigurations
      $ipConfigs.Subnet | Select Id
      

      输出中包含类似于以下示例的一个或多个行。The output includes one or more lines that are similar to the example that follows. 在示例输出中,myVMVNET 是虚拟网络的名称,myVMSubnet 是子网的名称。In the example output, myVMVNET is the name of the virtual network and myVMSubnet is the name of the subnet.

      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVMVNET/subnets/myVMSubnet",
      
    • 如果你不知道网络接口的 IP 配置的名称,请使用 Get-AzNetworkInterface 命令检索名称。If you don't know the name of an IP configuration for a network interface, use the Get-AzNetworkInterface command to retrieve them. 例如,以下命令会列出资源组 myResourceGroup 中网络接口 myVMVMNic 的 IP 配置的名称:For example, the following command lists the names of the IP configurations for a network interface named myVMVMNic in a resource group named myResourceGroup:

      $nic = Get-AzNetworkInterface -Name myVMVMNic -ResourceGroupName myResourceGroup
      $nic.IPConfigurations
      

      输出中包含类似于以下示例的一个或多个行。The output includes one or more lines that are similar to the example that follows. 在示例输出中,ipconfigmyVM 是 IP 配置的名称。In the example output, ipconfigmyVM is the name of an IP configuration.

      Id     : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkInterfaces/myVMVMNic/ipConfigurations/ipconfigmyVM
      
  3. 使用 Get-AzPublicIpAddress 命令查看分配到 IP 配置的公共 IP 地址。View the public IP address assigned to the IP configuration with the Get-AzPublicIpAddress command. 以下示例显示分配到资源组 myResourceGroup 中公共 IP 地址 myVMPublicIP 的地址。The following example shows the address assigned to a public IP address named myVMPublicIP in a resource group named myResourceGroup.

    Get-AzPublicIpAddress -Name myVMPublicIP -ResourceGroupName myResourceGroup | Select IpAddress
    

    如果你不知道分配到 IP 配置的公共 IP 地址的名称,请运行以下命令获取该名称:If you don't know the name of the public IP address assigned to an IP configuration, run the following commands to get it:

    $nic = Get-AzNetworkInterface -Name myVMVMNic -ResourceGroupName myResourceGroup
    $nic.IPConfigurations
    $address = $nic.IPConfigurations.PublicIpAddress
    $address | Select Id
    

    输出中包含类似于以下示例的一个或多个行。The output includes one or more lines that are similar to the example that follows. 在示例输出中,myVMPublicIP 是分配到 IP 配置的公共 IP 地址的名称。In the example output, myVMPublicIP is the name of the public IP address assigned to the IP configuration.

    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myVMPublicIP"
    

    备注

    地址是从每个 Azure 区域中使用的地址池分配的。The address is assigned from a pool of addresses used in each Azure region. 若要查看每个区域中使用的地址池列表,请参阅 Azure 数据中心 IP 范围To see a list of address pools used in each region, see Azure Datacenter IP Ranges. 分配的地址可能是用于该区域的池中的任何地址。The address assigned can be any address in the pools used for the region. 如果需要从区域中的特定池分配地址,请使用公共 IP 前缀If you need the address to be assigned from a specific pool in the region, use a Public IP prefix.

  4. 使用网络安全组中的安全规则允许将网络流量发往 VMAllow network traffic to the VM with security rules in a network security group.

允许将网络流量发往 VMAllow network traffic to the VM

在从 Internet 连接到公共 IP 地址之前,请确保在可能已关联到网络接口的任何网络安全组和/或网络接口所在的子网中打开所需的端口。Before you can connect to the public IP address from the internet, ensure that you have the necessary ports open in any network security group that you might have associated to the network interface, the subnet the network interface is in, or both. 尽管安全组会筛选发往网络接口专用 IP 地址的流量,但一旦入站 Internet 流量抵达公共 IP 地址,Azure 就会将公共地址转换成专用 IP 地址,因此,如果网络安全组阻止流量流,则与公共 IP 地址的通信就会失败。Though security groups filter traffic to the private IP address of the network interface, once inbound internet traffic arrives at the public IP address, Azure translates the public address to the private IP address, so if a network security group prevents the traffic flow, the communication with the public IP address fails. 可以使用门户CLIPowerShell 查看网络接口及其子网的有效安全规则。You can view the effective security rules for a network interface and its subnet using the Portal, CLI, or PowerShell.

后续步骤Next steps

使用网络安全组允许将入站 Internet 流量发往 VM。Allow inbound internet traffic to your VM with a network security group. 若要了解如何创建网络安全组,请参阅使用网络安全组To learn how to create a network security group, see Work with network security groups. 若要详细了解网络安全组,请参阅安全组To learn more about network security groups, see Security groups.