Without setting up an evil-twin network, if the wifi network has client isolation turned on (i.e clients are only able to speak to the router), is it possible to perform ARP spoofing still?
Client isolation means, in most cases, that the router drops incoming packets on the wifi interface with a destination MAC address which is known to be on the same interface, effectively preventing wireless clients from communicating with each other. This prevents ARP spoofing if it's properly implemented.
This only help against MitM attacks, though. An attacker can still passively sniff traffic.
This only help against MitM attacks, though. An attacker can still passively sniff traffic.