Cisco IOS – Blocking MAC Addresses

These are two options to drop the traffic associated with a MAC address.

Drop it via an interface service policy:

class-map match-any UNWANTED-PCs
  match source-address mac AAAA.BBBB.CCCC
  match source-address mac DDDD.EEEE.FFFF
!
policy-map IN-POLICY
  class UNWANTED-PCs
   drop
!
int GigabitEthernet0/0
  description LAN-Interface
  service-policy input IN-POLICY

Or drop it within the vlan itself:

mac address-table static 0100.0203.0405 vlan 1 drop