The symptoms for us are the same as this other post. However, their resolution (removing DHCP reservations) does not apply.
The symptom is that a nexus tablet (running android OS 4.2.2) successfully authenticates via 802.1X and associates to our wpa2-aes SSID. We can see the DHCP discover/offer/request/ack at the controller, meaning the device's dhcp transaction is complete. We had the device derive an "allow all" firewall policy to rule that out as a variable; all traffic is permitted.
The device shows in the bridge table (show datapath bridge table) and in the datapath user table (show datapath user table) but with all zeros for their IP address. The ACL applied to the device in the datapath user table is correct, as well.
This is occurring with multiple nexus tablets but other devices are just fine meaning it's not a network forwarding and/or dhcp issue since all devices are sharing the same infrastructure and derive policy and VLAN the same.
Anywhere else to look?