Cisco Router 3845 Block MAC Address

qasimkhans8
Level 1

I am using a Cisco 3845 router with Version 15.1(4)M6. I created an ACL to block the MAC address, but I don't see the mac access-group command on any interface. Please help, thanks.

access-list 700 deny   38xx.xxxx.xxxx   0000.0000.0000

11 Replies

Francesco Molino
VIP Alumni

In order to apply a MAC ACL, you need to create/work with the bridge interface feature.

There are some examples on this forum like https://supportforums.cisco.com/discussion/10589096/mac-access-list


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I found the above link through Google, but it is not clear.

OK, there are a lot of examples around for switches and for routers.

Switches are a little bit easier. For routers you need to use the bridge-group functionality.

Is it the bridging feature that you don't understand?

If yes, you can find some documentation on the CiscoLive website: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=7917&backBtn=true

Or some blogs: http://networkerslog.blogspot.ca/2012/12/concept-of-bridge-domain-interfaces-bdi.html

You'll see it's simple stuff to do and to understand.

Why do you want to filter MAC addresses?

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

BDI will not work with my current config and setup. I want to teach a lesson to bad kids: don't use torrents in a production environment. Therefore I'll block their MAC addresses.

OK, got it. These guys are connected behind a switch, not directly to the router? Why won't you block the MAC on the switch?

If you want to block torrents, you can also use NBAR. Have you tried it? Or do you want to block their network access instead of torrents?

Do they have fixed IPs or DHCP?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I already have an NBAR torrent class and policy set up, but it is not blocking properly.

They are getting their IP through DHCP.

Connected through a switch, wired or wireless?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

They are connected through a switch.

Oh, then block them with a MAC ACL directly on the switch. If you don't want to use a bridge, you need to apply the MAC ACL on a layer 2 interface. Does your router have an Ethernet card?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I already block them on the switch by

mac-address-table static 38xx.xxxx.xxxx vlan 100 drop

I was curious: can we block them through the router?

If you want to block a MAC on the router, the only way without layer 2 interfaces is to use a bridge.

If you don't want to block only these guys but to manage what's going out to the internet, you can use NBAR (even if on these old routers NBAR is not updated and doesn't have all protocols) and also configure ZBF, and if you want more security, configure IPS (but that needs a module).

Does this answer your question?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
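
The bridge-group approach described in the replies above, written out as an added example that is not part of any post in this thread. It assumes the LAN side is GigabitEthernet0/1, bridge group 1 is free, and the LAN gateway address moves from the physical interface to BVI1; the MAC address and IP address are constructed placeholders.

```cisco
! Enable integrated routing and bridging so the router can both
! bridge the LAN interface and still route IP for it via a BVI.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! 700-series ACLs match 48-bit MAC addresses.
! A mask of 0000.0000.0000 means "match this exact address".
! Like other IOS ACLs, the list ends in an implicit deny, so a list
! holding only the deny line would drop every source MAC.
! The explicit permit-any line keeps all other hosts working.
access-list 700 deny   0000.5e00.5301   0000.0000.0000
access-list 700 permit 0000.0000.0000   ffff.ffff.ffff
!
! The physical LAN interface (assumed name) becomes a bridge port.
! input-address-list filters frames by source MAC as they arrive.
interface GigabitEthernet0/1
 no ip address
 bridge-group 1
 bridge-group 1 input-address-list 700
!
! The BVI number must equal the bridge-group number. It takes over
! the layer 3 role: gateway address, NAT, IP ACLs and so on.
interface BVI1
 ip address 192.0.2.1 255.255.255.0
 no shutdown
```

Moving the address to BVI1 interrupts traffic on that segment, so anything that referenced the physical interface (NAT, DHCP helper, routing statements, service policies) has to be re-pointed at BVI1 in the same change.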