Initially, when authentication is enabled, at least one method should be enabled. If both methods are enabled, the external (RADIUS) authentication will be tried first. If this fails, SBC will fall back and try local authentication. The login attempt will be rejected if both the attempts failed.