I'm trying to migrate from Cisco 5520 WLC to Cisco 9800 WLC. I configured the WLAN with 802.1x and the AP is in FlexConnect mode.
When the client is trying to connect I see it associate with the WLC, but then it gets stuck in authenticating status. I'm not seeing anything on the ISE side meaning nothing reaches ISE. I'm not seeing the client get an IP either. WLC logs show the client being deleted with the reason L2AUTH_CONNECT_TIMEOUT. It seems like it might be all related to DHCP
WLC - 9800 version 17.9.4a
Switch - 9300 version 17.9.4a
WLC only has the Management/AP Management SVI VLAN 5. Clients are using VLAN 100 which is only a layer 2 VLAN on the WLC. The switch has IP helpers for VLAN 100. The Policy only has Central Authentication enabled.
Edit: Added client trace output
