Hello Cameron
First of all, it seems that I am unable to issue the aaa authorization exec default radius local command on my CML.
Router(config)#aaa authorization exec default ?
cache Use Cached-group
group Use server-group.
if-authenticated Succeed if user has authenticated.
krb5-instance Use Kerberos instance privilege maps.
local Use local database.
none No authorization (always succeeds).
Router(config)#aaa authorization exec default
I am running the following:
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.9(3)M6, RELEASE SOFTWARE (fc1)
I also don’t see this syntax for the command as shown in the following Cisco command reference:
If however, on some IOS version this command is available, there is still a difference between these commands.
The use of the group radius keywords uses the list of all RADIUS servers for authorization as defined by the aaa group server radius command. If the group keyword is not used (and assuming this works on some other IOS version) then the single configured RADIUS server will be used.
Just to confirm, can you check to see that your setup does indeed support this command and let us know what IOS you’re using.
I hope this has been helpful!
Laz