Incorrect ARP responses point to MAC addresses that belong to Apple macOS devices which are running 10.14 or earlier

Be aware that cnPilot based networks, booth Wi-Fi5 and Wi-Fi6 AP´s could be affected by following misbehavior of MAC OS 10.14 and earlier.

It´s looking like an arp spoofing attack when you sniff the network or check the arp-table entries. The MAC OS-based device is answering as the Gateway MAC address. This could be caused by newer Android devices connected to the same broadcast domain.

The workaround is turning off proxy-arp per affected SSID.

Cisco found also this behavior and posted an article: