It is embarrassing how long it took me to find how to do this properly. Google failed in this instance. I am posting this here in the hopes that this will help others in the future.
This is how you kick/deauthenticate a client from the command line.
# This is the official/proper way to /kickdeathenticate a client. However, this requires hostapd_cli, which is not installed by default.
# Install the "hostapd-utils" package for hostapd_cli.
hostapd_cli deauthenticate $MAC_ADDRESS
# Note that for a multi-radio AP (most are these days), you will need to specify the radio/interface the client is on:
hostapd_cli -i wlan0 deauthenticate $MAC_ADDRESS
# This method does not send a deauth packet. It literally just drops the client dead from the auth table without a proper goodbye.
iw dev $IFACE station del $MAC_ADDRESS
Note that a client may reasonable choose to immediately reconnect if they are deauthenticated... or maybe not. I get the impression that this is not defined in the 802.11 specifications so it's up to the client to decide how to behave, otherwise there would probably be a temp-deauth and perm-deauth type message for kicking clients temporarily (AP reboot) or permanently (GTFO my network and don't retry).
Also take note that as of this time, openwrt does NOT log client disconnects, which is not good in my option. Set "option log_level 1" in your "config wifi-device" section of your "wireless" file. The default is 2, 1 will show disconnects.
I needed to deauth clients for troubleshooting purposes.
(Last edited by jmomo on 4 Feb 2016, 12:40)