Hi Ada,
Mac access list is only for non ipv4 traffic and may not solve your purpose. Also port security will allow you to specify mac address which you want to allow and now which you want to block and if you have multiple say 100s of clients its a difficult task.
I can think of 2 possible solutions that is dot1x which is identity based networking or VMPS where you have pre approved mac address listed in a text file with vlan number they should be assigned dynamically and is any machine gets into the network whose mac address is not from the pre configured list can be assigned to a non routable vlan or an isolated vlan which does not have any connectivity into your network just like a guest and then you can have control on that vlan.
But I agree 802.1x will give you more security and control in your network.
You can have a look at these links for 802.1x as well as VMPS
For 8021.1x
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_37_se/configuration/guide/sw8021x.html
For VMPS
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_37_se/configuration/guide/swvlan.html#wp1212223
HTH
Ankur
*Pls rate all helpfull post