Be aware that cnPilot based networks, booth Wi-Fi5 and Wi-Fi6 AP´s could be affected by following misbehavior of MAC OS 10.14 and earlier.
It´s looking like an arp spoofing attack when you sniff the network or check the arp-table entries. The MAC OS-based device is answering as the Gateway MAC address. This could be caused by newer Android devices connected to the same broadcast domain.
The workaround is turning off proxy-arp per affected SSID.
Cisco found also this behavior and posted an article: