у меня так работает
aaa authentication login default group %groupname%
aaa authentication login console local
aaa authorization config-commands default group %groupname% local
aaa authorization commands default group %groupname% local
aaa accounting default group %groupname%
no aaa user default-role
почему бы не
route-map POLICY permit 10
match ip address odd
set ip next-hop verify-availability 192.168.1.5 1 track 1
set ip next-hop verify-availability 192.168.2.6 2 track 2