See page 580-583 in the userguide:
Blacklist Duration
You can configure the duration that clients are blacklisted on a per-SSID basis via the virtual AP profile.
There are two different blacklist duration settings:
For clients that are blacklisted due to authentication failure. By default, this is set to 0 (the client is
blacklisted indefinitely).
For clients that are blacklisted due to other reasons, including manual blacklisting. By default, this is set
to 3600 seconds (one hour). You can set this to 0 to blacklist clients indefinitely.
To configure the blacklist duration via the WebUI:
1. Navigate to the Configuration > Wireless > AP Configuration page.
2. Select either AP Group or AP Specific tab. Click Edit for the AP group or AP name.
3. In the Profiles list, select Wireless LAN, then Virtual AP. Select the virtual AP instance.
To set a blacklist duration for authentication failure, enter a value for Authentication Failure
Blacklist Time.
To set a blacklist duration for other reasons, enter a value for Blacklist Time.
4. Click Apply.
To configure the blacklist duration via the command-line interface, access the CLI in config mode and issue
the following commands:
wlan virtual-ap <profile>
auth-failure-blacklist-time <seconds>
blacklist-time <seconds>
.. John