I found the solution to block all macs and permit only the authorized macs.
1- Create a time range to make the rules to be active, accordly to your needs.
2- Create 2 acls, one to permit the macs (with lower acl number) and another to block all macs (with a higher acl number). In my enviroment, I created the ACL 4000 to permit the macs and the ACL 4999 who is intended to block all other macs. Obviously, the ACL 4000 need to be the "permit" type and the acl 4999 "deny" type. The FFFF-FFFF-FFFF is the maks who identify the exactly mac address, in other means, only the mac who you inform will be authorized on the switch. On the ACL 4999, the source and destination mac can be 0 in each field. Do not forget to inform the time range in each ACL.
3- Create two classifiers, like below, on for ACL 4000 and another for 4999 ACL.
4- Create two behaviors, on for the ACL 4000 and another for ACL 4999. The first behavior must have the option PERMIT and the second will be DENY.
5- Link the behaviors and the classifiers in only one "QOS Policy", like below (the name of the policy is to better indentification when apply to the ports of the switch; the "only one policy" is because each port of the switch permit only one policy each time):
6- Apply the policy to the port accordly to your needs (mine is 19).
That´s it. My switch is running with the 1120 firmware.