Hi,
You could use MQC to drop frames from unknown MAC addresses like this:
class-map match-any PERMIT-MAC
match source-address mac xxxx.xxxx.xxxx
class-map match-any DENY-MAC
match not class PERMIT-MAC
policy-map DENY-MAC
class DENY-MAC
drop
int vlan 1
service-policy input DENY-MAC
Where xxxx.xxxx.xxxx are the known permitted MAC addresses, this way the unknown MAC addresses won't communicate with the outside world.
Now if you don't want these to communicate inside your LAN also then if it is available on this platform you could disable dynamic src MAC learning and put static MAC entries for known addresses.
If none of these solutions are good for you then I'm going to look at the Cisco doc for this platform to sse if other configs could be done, which IOS are you running?
Regards
Alain
Don't forget to rate helpful posts.