ExtremeWireless (Identifi)

Hello community,
since the last two weeks we have an ARP issue from time to time.
We run our guest WiFi on an Extreme Identify Wireless Controller. Topology is bridged@AP.
Sometimes we see a WiFi client with an IP Address from the default gateway and our Testsystem have also the MAC address from this Device in the arp table. The right default gateway isn’t reachable when this happened.
Default gateway is an hotspot/firewall appliance and all devices are in the same VLAN without an routed interface on the core.
Till now it was always an android device. The last time for example a huawei mate 20 lite.
we found the guest and it was an older woman so I think it wasn’t an attempted attack.
when the phone is active everything looks fine.
I found an old article who describe this bug but the post was 5 years old.
Have anyone the same issue in his environment?
we tried to activate dhcpsnooping and arpinspection in the networkswitches (A4 Series) but when a WiFi device is roaming to the next AP the connection lost.
So this wasn’t helpfully.
The last try today was to find a solution in the WiFi controller. I found a cisco documentation and cisco only work with arp proxy to inspect arp requests but I don’t find a hint that extreme do this also. The documentation only told my that arp proxy reduce ARP traffic.
Do we have a chance to activate something on the Core (X460-G2) or Accessswitches to prevent this behavior?
Firmware in the WiFi controller is the forelast 10.41.
thanks for your help,
Stefan