aaa authorization exec Command in Cisco IOS

The aaa authorization exec default command in Cisco IOS is used to define the authorization method for user EXEC sessions for AAA. The available options for this command include:

  • cache: Uses cached-group.
  • group: Uses a server-group.
  • if-authenticated: Succeeds if the user has authenticated.
  • krb5-instance: Uses Kerberos instance privilege maps.
  • local: Uses the local database.
  • none: No authorization (always succeeds).

In some IOS versions, the group radius keywords can be used to specify that the list of all RADIUS servers defined by the aaa group server radius command should be used for authorization. If the group keyword is not used, a single configured RADIUS server will be used instead.

To ensure compatibility, verify that your IOS version supports the specific syntax of the aaa authorization exec default command you intend to use.

https://networklessons.com/cisco/ccie-enterprise-infrastructure/aaa-configuration-cisco-switch/