Our 3750X port goes into err-disabled due to reaching mac-address limit but the show mac address-table is not showing enough mac addresses to reach this limit. Meaning, for example the port-security limit is set to 10, and the show mac table only lists 3 mac-addresses, the err-disabled due to port-security is still triggered. This is being resolved by shutting/no-shutting the port several times. Any feedback or having the same experience will be much appreciated. Our device is 48-PF-L and version is universalk9 SE5.
that sounds like a bug...but I could not find one that matches your description. Which template are you running (show sdm prefer) ?
You can obviously circumvent the problem by configuring:
switchport port-security violation protect | restrict
which will keep the port from going into err-disable, not sure if that complies with your security policy though...