hi codemode
You have a few alternative options. One is to use the syslog parser (see ESI Syslog parser in the docs). It has the ability to blacklist based on mac, as long as you can format a 'syslog' message to send to the controller - not any more work than setting up an xml message. This is the only option in this post that would be considered to be 'supported'.
The second, which is a bit more advanced, is to use a libCURL based script to authenticate to the same interface that the controller webUI uses and inject the CLI command as the webUI would.
The third, which is not recommended for live systems, is to interact with the CLI over ssh. There are various reasons why that is not as good an idea as the above two, so I would focus on one of them instead.
hth.