That command is to disable an IP address that is assigned to an interface of the router/switch, not an external one.
You cannot actually enable or disable an IP address on another device, you can however "intercept" traffic from/to that address and redirect it to nowhere (action=drop in /ip firewall filter).
This you can normally do through a firewall rule but you cannot entirely block the traffic within the same LAN/subnet, because it doesn't pass through the firewall.
If you have an interface on the router switch that is connected to only that IP that you want to block, you can disable that interface IP address (i.e. the IP on the other side) or the actual interface, but if (like in most cases) you have a bridge you need to disable the interface, as the IP is assigned to the bridge.
And the firwall approach is not that easy as the firewall filter can be applied to different chains, depending on what you want to achieve in detail, and since firewall rules are executed sequentially it is vital to have the rules in the "right" order (i.e. if the "drop" rule is after an "accept" rule including that IP it will never find anything to drop).
You should better detail your network setup and what you would like to obtain, and post your configuration, along the lines of this post:
viewtopic.php?t=203686#p1051720
this way someone will (hopefully) be able to help you.
You cannot actually enable or disable an IP address on another device, you can however "intercept" traffic from/to that address and redirect it to nowhere (action=drop in /ip firewall filter).
This you can normally do through a firewall rule but you cannot entirely block the traffic within the same LAN/subnet, because it doesn't pass through the firewall.
If you have an interface on the router switch that is connected to only that IP that you want to block, you can disable that interface IP address (i.e. the IP on the other side) or the actual interface, but if (like in most cases) you have a bridge you need to disable the interface, as the IP is assigned to the bridge.
And the firwall approach is not that easy as the firewall filter can be applied to different chains, depending on what you want to achieve in detail, and since firewall rules are executed sequentially it is vital to have the rules in the "right" order (i.e. if the "drop" rule is after an "accept" rule including that IP it will never find anything to drop).
You should better detail your network setup and what you would like to obtain, and post your configuration, along the lines of this post:
viewtopic.php?t=203686#p1051720
this way someone will (hopefully) be able to help you.
Statistics: Posted by jaclaz — Sat Mar 02, 2024 11:48 am