@Ronie I just did some testing and I’m also seeing strange results when using a mac access-list to filter MAC addresses. I used two routers and one 3560 switch. When I apply the vlan filter, the routers are still able to ping each other until I clear their ARP tables. Once I do that, they are unable to reach each other anymore since some of the ARP packets get filtered.
I would expect all traffic that matches one of the MAC addresses to be filtered but for whatever reason, it’s acting weird.
@Frades you can use port security to set a limit to the number of MAC addresses or you can use it as a MAC address filter. The last option will do the job but it’s not very secure, MAC addresses are easy to spoof.