One master controller, two locals -- all M3, 6.1.3.2 Blacklist duration is set to 0 for all Virtual APs/SSIDs for both Authentication Failure and Other. Found the bad guy on Local2 and blacklisted him; remaining time is blank as expected. Because you can only use the WebUI to blacklist a connected client, I went to the CLI for Master and Local1 and issued this command: stm add-blacklist-client [mac address]. On both, the remaining time is 1 hour, no matter what I do. Bad guy was able to connect to Local1 last night. Any way to fix this?