Disabling a network interface immediately stops traffic on that link, which is useful during maintenance, isolating a faulty NIC, or forcing the system to stop using one path without shutting down the whole host.

Linux keeps separate administrative and operational state for each interface. Running ip link set dev IFACE down marks the interface administratively down, removes active routes that depend on that interface from the forwarding table, and leaves any assigned addresses visible in ip addr until the interface is raised again.

Disabling the interface that carries the current SSH or remote management session drops that session immediately, so the change is safest from a local console, out-of-band access, or a second working interface. The ip link change is runtime only, and higher-level tools such as NetworkManager, systemd-networkd, or distro-specific startup configuration can bring the interface back after a service reload or reboot unless persistent configuration is changed separately.

Related: How to enable a network interface in Linux
Related: How to restart a network interface in Linux
Related: How to check network interface link state in Linux

Steps to disable a network interface with ip in Linux:

  1. List interfaces and note the exact name of the interface to disable. 
    $ ip -br link
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
eth0             UP             02:00:00:00:00:10 <BROADCAST,MULTICAST,UP,LOWER_UP>

    The first column is the interface name, such as eth0, enp0s3, or wlp2s0.

  2. Review the current configuration on the target interface before taking it down. 
    $ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 02:00:00:00:00:10 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.40/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20:ff:fe00:10/64 scope link
       valid_lft forever preferred_lft forever

    This confirms the target interface and shows which address records will be affected by the shutdown.

  3. Bring the selected interface down. 
    $ sudo ip link set dev eth0 down

    Disabling the interface that carries the active remote session immediately disconnects that session and can remove the host's route to other networks.

  4. Confirm that the interface is now administratively down. 
    $ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:10 brd ff:ff:ff:ff:ff:ff

    Missing UP and LOWER_UP plus state DOWN confirm that the kernel is no longer treating the link as active.

  5. Check whether the address record is still attached while the interface remains down. 
    $ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 02:00:00:00:00:10 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.40/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20:ff:fe00:10/64 scope link
       valid_lft forever preferred_lft forever

    Linux commonly leaves the configured address visible even though the interface cannot pass traffic in the down state.

    Related: How to show IP addresses in Linux

  6. Confirm that routes tied to the disabled interface are no longer active. 
    $ ip route show dev eth0

    No output is expected after the interface is administratively down because the kernel withdraws the active routes that depended on that interface.