The devices in question are stand-alone cisco switches.
I have attached the "debug aaa **" output below for a successful and unsuccessful login attempt. These logs come from the two switches running the same IOS & model.
I am able to authenticate with rsa token, but able to authenticate via local user database when the "aaa authorization exec if-authenticated" command is present.
If the command is not present, I am able to login via the local user database, but not radius.
Any thoughts? What additional information can I provide to help isolate this?