You can delete a user session with the following :
(Aruba) #aaa user delete
all Delete all users. Can take upto 5 mins if there are
large number of users getting deleted
ap-ip-addr Match AP IP address
ap-name Match AP name
mac Match MAC address
name Match user name
role Match role name
A.B.C.D Match IP address
If you want to black list the client do the following:
stm add-blacklist-client <MAC>
You can able bandwidth controls to restrict traffic and you can also apply ACL's to take action based upon certain traffic. If you have a context aware authentication service such as CPPM, you can configure this to enforce and action should a trigger be matched (i.e XXX of data transferred in X amount of time).
You can complete this based on the User Role or VLAN.
http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-a-bandwidth-contract-based-on-VLAN-and-user/ta-p/177668
Or if you wish to apply this per SSID (VAP).
http://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/ARM/Traffic_Shaping.htm?Highlight=traffic shaping