Sounds like you need a VLAN Filter applied - you'll have to know the MACs of all the machines that you want to permit, or they will all need to be in a nice neat contiguous range, but this should get you started:
mac access-list extended IBM_MACS
permit host a001.b001.c001 any
permit host d002.e002.f002 any
!
vlan access-map PERMIT_IBM 10
action forward
match mac address IBM_MACS
vlan access-map PERMIT_IBM 20
action drop
!
vlan filter PERMIT_IBM vlan-list 1, 3-5, 8
HTH,
Aaron