Here is a little detail of what we are planning.
Every time a PC authenticates to the network, the RADIUS server must contact a Domain Controller.
If for some reason the connection is lost between the RADIUS server and the domain controller, users will no longer be able to get on the network. The switches and the Wi-Fi controllers will, however, not be able to know this, since the RADIUS server is still up and running and answers requests on ports 1812 and 1813. It just replies with an Auth_Fail message. So the network equipment will never know that something is wrong.
Instead, we need a system like the one shown below, where a monitoring system sends a real RADIUS request to the RADIUS server, where it validates a username and password and ends with Auth_OK. That way we can raise an alarm if the corp domain is not accessible. It is not possible to monitor the RADIUS server itself for Auth_Fail messages, as they happen all the time when users or machines fail authentication.
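A sketch of such a probe, added here as an example and not part of the original plan. It assumes the RADIUS server accepts PAP for a dedicated monitoring account, and that Auth_OK and Auth_Fail correspond to RADIUS Access-Accept and Access-Reject; the function names are hypothetical.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (PAP)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        digest = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], digest))
        out += prev
    return out

def attr(type_: int, value: bytes) -> bytes:
    return struct.pack("!BB", type_, len(value) + 2) + value

def build_request(user, password, secret, ident, authenticator) -> bytes:
    attrs = attr(1, user.encode()) + attr(2, hide_password(password.encode(), secret, authenticator))
    length = 20 + len(attrs) + 18  # header + attributes + Message-Authenticator
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, length) + authenticator
    # Message-Authenticator (type 80): HMAC-MD5 over the packet with the field zeroed
    mac = hmac.new(secret, header + attrs + attr(80, b"\x00" * 16), hashlib.md5).digest()
    return header + attrs + attr(80, mac)

def classify(reply, request: bytes, secret: bytes) -> str:
    if reply is None:
        return "CRITICAL: no reply from RADIUS server"
    if len(reply) < 20 or reply[1] != request[1]:
        return "CRITICAL: malformed or mismatched reply"
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(reply[4:20], expected):
        return "CRITICAL: bad response authenticator (wrong shared secret?)"
    if reply[0] == ACCESS_ACCEPT:
        return "OK"
    if reply[0] == ACCESS_REJECT:
        return "CRITICAL: probe account rejected, check RADIUS to domain controller link"
    return "UNKNOWN: unexpected RADIUS code %d" % reply[0]

def probe(host, user, password, secret, port=1812, timeout=3.0, retries=2) -> str:
    request = build_request(user, password, secret, os.urandom(1)[0], os.urandom(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(retries + 1):
            try:
                s.sendto(request, (host, port))
                return classify(s.recvfrom(4096)[0], request, secret)
            except OSError: continue  # timeout or ICMP error: retry
    return classify(None, request, secret)
```

A reject for the probe account can also mean the account itself was locked, expired or had its password changed, so the account should be low-privilege and excluded from password rotation surprises.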