I enable port-security on all of my switches and it has worked flawlessly, but I'm starting to wonder if I got a false positive or a glitch. Last night around 11:17pm the switch port connecting to my Inter-tel phone processor got put in err-disable state because there were now two MAC addresses found on the port (I have 99% of the ports set with the default maximum of 1). I received an alert from our NMS that port-security had been tripped and shut down this port; attached is the exact syslog message. The MAC address in the trap is the actual MAC, it was not changed by me for posting it on this forum. At this time of night nobody is in the building where this closet is located and it is physically locked so the chances of someone plugging a switch or hub into the port is between slim and none.