I've been looking for a way to filter macs on the lan side of a 871 router. The following works to deny a list of mac's from passing traffic.
class-map match-any macfilter
match source-address mac hhhh.hhhh.hhhh
I've applied the service-policy to a vlan interface and it seems to block traffic from the designated mac address.
Is there a way to turn this around and use a class map to list mac addresses and apply that list to policy that will pass traffic on that list and drop anything that is not sourced from the mac's listed?