I'm trying to setup an internet vlan that I can give to users so they can put machines directly on the internet. For security, I would like to make sure they send me the mac address first so I can verify that security policies are in place on the machine they are going to be putting on the internet. So, I would like a setup like:
except instead of specifying which mac addresses to block I would like to block everything and specify which mac addresses are actually allowed on the vlan. Does anyone have any examples like in the document for this type of scenario? I've changed some settings around but I can't have the access-map action of drop with an access-list of any -> any after the forward because it will still end up dropping everything. Any ideas?