For each authentication order, the end result is considered in deciding whether to authenticate the client through the authentication failure VLAN or the authentication service unavailable VLAN (if configured).
For example, if the authentication order is radius, local, with the RADIUS server unavailable, and local authentication failed, the client is authenticated in the authentication failure VLAN (if one is configured on the port).
If the user is configured, but the password does not match, it is considered an authentication failure.
For RADIUS server authentication, if for some reason the user cannot be authenticated due to problems with the RADIUS configuration, the RADIUS server not running, or some other problem then it is considered as an authentication service unavailable. If the actual authentication fails then it is considered as an authentication failure.