If the timeout expires, another authentication attempt is made. After three failed attempts to authenticate, the alternate server is used. After six failed attempts, local user authentication is used. If the user does not have a local account or the user is disabled locally, the user‘s login will fail.
If you do not specify the mgmt-access or netlogin keyword, the timeout interval applies to both switch management and netlogin RADIUS (Remote Authentication Dial In User Service) servers.