I have a 2960x-48fpd-l running 15.2.2E3 connected to a 3702 AP. Port config pasted below. The AP is in local switching mode so all the clients get dropped off at the switch - hence the trunk and multiple vlans because of the various ssid's and radius overrides.

I ran across one ap/port that has 700+ mac addresses given when doing show mac addr int bla. That's  highly suspicious because there are now zero clients on that AP and haven't been any in many days - much past the 300s mac addr age time. I can clear one mac at a time and they don't appear to come back. I cleared all the mac's on the interface - a couple came back of clients that were roaming around so that's expected. But... why was the switch holding on to hundreds of macs that aren't there anymore? At first I thought it could have been the AP generating bogus traffic... but if that were true all the mac addresses would come back. Changed the arp timeout for fun and it didn't make a difference. I have multiple ports/AP's doing this. There's no functional impact yet, other then nuisance mac flapping from this port to that port messages. Some of those are expected during a live client roaming... but if a client is stuck on one port, goes home for the day, and comes back on another port/ap it would produce un-necessary logs.

Thoughts?

interface GigabitEthernet bla
description WAP
switchport trunk native vlan a
switchport trunk allowed vlan b,c,d,e,f,a
switchport mode trunk
no snmp trap link-status
arp timeout 60
end