In general, mac filtering as a wireless security method is trivially easy to defeat: sniff for a valid client mac address on that wlan, and then spoof that address on your own client device. It's even less secure than static WEP.
If all you want to do is keep curious but innocent people off your network, a static wep key is more convenient than a mac filter. If you want to keep out a determined attacker, you must implement WPA2 and then you don't need a mac filter anyway.
With all that said, if you really must implement a mac filter, there are instructions here:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058ed26.shtml#macbasedacls
That page was written for standard IOS access points, but I'm assuming the same commands will work on your ISR.