address ipv4 [ip]
Configures the IPv4 address of a TACACS+ server for AAA authentication, authorization, and accounting.
address ipv4 [ip]When to Use This Command
- Pointing to a primary TACACS+ server for network device authentication
- Adding a backup TACACS+ server for redundancy in AAA configurations
- Configuring multiple TACACS+ servers for load balancing authentication requests
- Replacing an old TACACS+ server IP with a new one during server migration
Command Examples
Configure a single TACACS+ server
address ipv4 192.168.1.100tacacs-server host 192.168.1.100
The command sets the IPv4 address of the TACACS+ server to 192.168.1.100. The output confirms the server is added to the configuration.
Configure multiple TACACS+ servers with different keys
address ipv4 10.0.0.1
key MySecretKeytacacs-server host 10.0.0.1 key MySecretKey
The first line sets the server IP to 10.0.0.1. The second line assigns a shared secret key 'MySecretKey' for that server. The output shows both lines in the running config.
Understanding the Output
The command does not produce a direct output; instead, it modifies the running configuration. To verify, use 'show running-config | include tacacs-server'. The output will list all configured TACACS+ servers with their IP addresses and optional keys. Each server appears as 'tacacs-server host <ip-address>'. If a key is configured, it appears on the next line indented. Ensure the IP is reachable and the key matches the server. Missing or mismatched keys cause authentication failures.
CCNA Exam Tips
CCNA exam may test that 'address ipv4' is used under TACACS config mode, not global config.
Remember that the key must be configured separately; the address command alone does not set a key.
You can configure multiple TACACS+ servers; the router tries them in order of configuration.
The command 'tacacs-server host' in global config is an older method; CCNA focuses on the newer TACACS config mode.
Common Mistakes
Forgetting to enter TACACS config mode before using 'address ipv4' — results in invalid command error.
Configuring the IP address but not setting a key — causes authentication to fail silently.
Using the wrong IP address or a non-reachable server — leads to AAA timeouts and fallback to local authentication.
Related Commands
aaa authentication login default group radius local
Configures AAA authentication for login using a RADIUS server group as the primary method, falling back to local authentication if the RADIUS server is unreachable.
aaa new-model
Enables AAA (Authentication, Authorization, and Accounting) security services on a Cisco device, required before configuring any AAA commands.
key [shared-secret]
Configures the shared secret key used for TACACS+ authentication between the Cisco device and the TACACS+ server.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions