How to force +500 Clients to renew their IP address on the network?
Posted by Head-Web-404@reddit | sysadmin | 233 comments
Hello folks, let’s start the day with this topic! 😊
nyckidryan@reddit
How much time do you have before the change needs to happen? 😉
If you have the time, change the lease time to 1 hour, then all the clients will request a lease renewal at 30 minutes. Make your changes, then after all the workstations have refreshed, change the lease time back to what it was.. or just leave it. 😄
himji@reddit
Reboot the switches
twisted-logic@reddit
Hi.. neteng here.. please don’t do this thing.
HighRelevancy@reddit
I know enough about enterprise networking to know that there's much deep arcane knowledge I will never possess.
But that said, bruh, is your stuff really that fragile? Are your systems so delicate that a reboot scares you? Is there really such risk that it costs you more than a small amount of downtime?
HoustonBOFH@reddit
To be fair... An 8 switch stack of 9300s can take 45 minutes to come back, so not a "small amount of downtime."
HighRelevancy@reddit
Mama Mia. I've not dealt with switches like that. That does sound horrible.
CrownstrikeIntern@reddit
First mistake, stacking them
pdp10@reddit
This. If you're not confident that you can survive a simple power bounce, then tell me you're working right this minute on making sure you can survive a simple power bounce.
In a well-oiled computing infrastructure, you should be able to use your at-risk windows to randomly unplug some hardware or down some instances, chaos monkey style, and verify that everything stays up and/or recovers.
twisted-logic@reddit
Not everyone works in a well oiled computing structure pdp10!!!!!
Frothyleet@reddit
Yeah but there is a big middle ground between "my infrastructure is fully resilient" and "I lose sleep at night thinking about one of my switches rebooting".
wrt-wtf-@reddit
Switches bouncing isn’t scary. It’s the ensuing argument that the switch has caused an issue when some of the systems connected don’t re-initialise as they should and inevitably it’ll be something politically sensitive that “the network broke”.
This is something you’d normally see in a data centre environment and the devices would normally be fixed IP anyway. I’ve seen mainframe-FEP drop their interface and stay down with a similar scenario on Linux deployments that aren’t properly configured.
I love explaining network issues to sysadmins in-depth so that they can learn - but there should be some different risk mitigations about a DC reboot vs an edge switch that manages end user devices rebooting.
IOT devices, printers, access points, and currently connected devices.
As an absolute minimum, you let all stakeholders know what you are going to do, snapshot the switch state, including MAC address table and port mapping, write the config (Cisco), restart the system. Snapshot the state after reboot, compare everything and let stakeholders know that certain devices disappeared - or you fixed them yourself.
But these “network issues” aren’t a network issue - they’ll inevitably be reported as a network issue and administering managers will blame the outage on the network when it is the connected device that has failed to do the required interface re-initialisation.
It’s the layer8 issues that lead to network engineers being concerned about switch reboots. Not the fragility of the network devices and configs. It’s the network engineer that takes the hit for poorly configured systems.
twisted-logic@reddit
Yeah.. evidently hyperbole is not defined in this subreddit. It’s just a joke lol
Frothyleet@reddit
It's more that there is a substantial contingent of people who have real crappy environments and rather than improve things they roll their eyes and say "ugh god all these high falutin' enterprise sysadmins don't understand how things are in the REAL WORLD".
And so you just never know if someone is being jokey or incompetent ¯\(ツ)/¯
twisted-logic@reddit
Fair enough. I’m not on here much so I didn’t realise that lol.
root-node@reddit
Everyone has a test environment, some people also have a production environment
Tetha@reddit
Something I also push: There is a difference between respect and fear.
I am confident that if I trigger a failover on any of our PostgreSQL clusters even during peak load, it will be 1-2 seconds of outage, a bunch of cancelled requests and bounce right back. We've tested this under load during announced chaos tests and various production incidents of database abuse :)
Quite a few of our upgrade procedures are built upon the idea and confidence that we can failover and reboot unattended and it will go right. Or if a security or larger availability concern hits us, I'm entirely willing to push that button whenever.
I however also know how this can cause a bunch of support tickets when done during peak load, so I'd prefer to do this outside of peak hours, usually in the late afternoon, to the more critical systems.
hornethacker97@reddit
My knee jerk reaction is that someone outside of networking may not know the condition of the config backups 😆 or what level of work it might take to physically terminal into switches if they don’t come back up correctly
abakedapplepie@reddit
better to find out you fucked up that bad during a planned outage than an unplanned one
Cormacolinde@reddit
I’m sorry, but if your config is not properly saved and backed up, you have a serious issue that a simple power flicker would trigger. That’s BAD.
twisted-logic@reddit
It was more just a joke tbh.
As with everything in life though, it depends. If leadership hasn’t shelled out any cash for infra replacements in long while then yes. Yes I am afraid to reboot that Cisco 3850/3650 that’s been up for over 3 years. No I do not want to touch that catalyst 4500. Those things scare me.
Downinahole94@reddit
Jesus, that's the stuff I use in my home lab, because it's old and cheap.
benderunit9000@reddit
The configuration should not be that fragile.
RelevantToMyInterest@reddit
former neteng here...
DO IT YOU COWARD!
Dorest0rm@reddit
Yolo
Okay, why not?
Cyber_Faustao@reddit
If your infrastructure can't survive a reboot then it is already broken and just waiting for a trigger for it (UPS fault, intern pulling the wrong cables, etc).
So perhaps it's time to fix that?
HoustonBOFH@reddit
Also net eng here... And often a properly cascaded reboot of the switches can solve a lot of problems.
JoeyJoeC@reddit
Why not? Worked when I needed to do it.
fragwhistle@reddit
If you want to be a bit more graceful, do a shutdown on all of the access ports and the no shutdown. If you want to make sure they all come up with "new" addresses, delete the leases between shutdown and no shutdown.
MarzMan@reddit
Ricoh Printer: Oh, the nic went down? Guess I have the rest of eternity off.
thelordfolken81@reddit
Please save the config first …
ansibleloop@reddit
I have all of mine in Ansible
Reload away
benderunit9000@reddit
IaC or bust
gnartato@reddit
Cisco boiii confirmed.
Head-Web-404@reddit (OP)
Sometimes, there are switches behind switches, which will not have impact on endpoints
gnartato@reddit
Have you considered flipping the circuit breakers for the entire building? It will leave the switches up (if UPS protected) and reboot all the clients. If you're worried about wireless clients just reboot all the APs at the same time
Brraaap@reddit
ALL the switches
Proof-Variation7005@reddit
Do the light switches too.
DontDoIt2121@reddit
Kill em all!
Evil-Bosse@reddit
Instructions unclear, found a big switch in electrical room, even the servers rebooted from that one
Brraaap@reddit
That'll do it
himji@reddit
Yes all
Tasty_Switch_4920@reddit
[image]
Pleased_to_meet_u@reddit
If you haven't read the original comic, it's a LOT of fun.
Hyperbole And A Half: https://hyperboleandahalf.blogspot.com/2010/06/this-is-why-ill-never-be-adult.html
u/GullibleCrazy488, you'll like this.
GullibleCrazy488@reddit
too funny!
Pr0fessionalAgitator@reddit
Every switch?
MetaVulture@reddit
Power cycle the facility itself.
MiXeD-ArTs@reddit
This was my first thought.
anxiousvater@reddit
That's what I did at home, a short circuit to replace a bulb forced many devices to get a new IP address.
ExpensivePoint3972@reddit
bomb the power plant
oliland1@reddit
Cut power to the building until all UPS run out
kristianroberts@reddit
Wouldn’t necessarily work. Clients are selfish and can just skip discover/offer and go straight for a request if they detect it’s a known network. Heck, some clients (Apple) try to override the lease times.
CyberRedhead27@reddit
Just "shut" - "no shut" the ports.
dont_ama_73@reddit
Run Cisco switches, wait for an unexpected crash. Won't take long
bgr2258@reddit
Change DHCP lease time to 30 minutes. Wait at least as long as the old lease time for everything to expire
BigChubs1@reddit
This. And I’m curious why op wants and/or why has to do this
The-Sys-Admin@reddit
Printer has a static IP and they can't get to the client that was assigned the same Ip.
Tsk tsk... No DHCP reservation.....
Cloudraa@reddit
So just turn off the printer and run /renew on the client then add a dhcp reservation hahaha
or even better don't put static network device IPs in your dhcp scope!! gahh
Fraktyl@reddit
I inherited my network. The number of hard coded IP's in the DHCP scope was staggering. Almost got it where it needs to be, but man was that a mind blowing experience when I opened the DHCP manager.
Master4733@reddit
My inherited network was like that.
But they weren't reserved in the dhcp scope, they were just assigned and at some point other devices managed to get the IP address.
I had half a dozen switches and ap's just sitting there with power and no network connection
mountain_bound@reddit
My inherited network is dishing out dhcp from a hand full of Sonicwall firewalls and there's no server system anywhere. The thought of lifting this site into something useful is exhausting.
Fraktyl@reddit
That's exactly what happened here. Random printers just stopping as new computers came online.
I've got the hardcoded ones reserved and remove the reservation as I get them out of the scope. Making a management VLAN really helped clean up the IP address space.
TU4AR@reddit
I once walked into a client that the first 5 ips of every network was SOLELY And ONLY for network printers.
Example :
172.0.0.1-5 will be for the office. Got a 6th printer?
172.0.1.1-5 will be used for the next five Printers.
172.0.2.1-5 will be used for the third batch. So on and so forth.
So if you think your Networking is bad, just remember some guy got paid more than you to make these decisions.
SinTheRellah@reddit
Could be a lot worse tbh.
TU4AR@reddit
Always is, doesn't hold a match to a guy naming servers after moons of Jupiter.
Who the fuck knows what Callisto does.
FarmboyJustice@reddit
This is not that bad, at least the printers aren't restricted to prime number octets.
sir_mrej@reddit
I mean this just sounds very late 90s/early 2000s. It was prolly an old guy who was doing what he had always done.
That's not the worst thing I've ever seen
Nydus87@reddit
I can at least sort of see the logic there, but it doesn't scale well if you've got a printer heavy office.
maxtimbo@reddit
It's really that easy.
MrChach@reddit
I can’t tell you how many idiot “IT Guys” don’t understand how much time and effort DHCP reservations save. “The vendor says make it static.” “Let’s keep it DHCP with a reservation. It’s easier to manage.” “The vendor says they won’t support that.”
The-Sys-Admin@reddit
Do it have a MAC address? Then the vendor don't need to support shit!
It's frustrating to inherit a network like that. Just left my last place with that mess.
UntouchedWagons@reddit
Who's the dude in your avatar?
The-Sys-Admin@reddit
Kenan Thompson, most recently of SNL fame.
Gadgetman_1@reddit
If that was the issue, they could find the Switchport of the offending machine, and just disable it.
jbp216@reddit
change the printer ip. are you not connecting via dns?
hihcadore@reddit
Guessing this is an onion of bad
The-Sys-Admin@reddit
This is healthcare mother f****r. Printers were installed before the domain. IP access only.
We ain't got time to update DNS records or DHCP scopes.
someguy7710@reddit
I've had to re-IP a whole network before. Why? Because they were using a public IP block that they no longer owned for their LAN. I don't know why!
GullibleDetective@reddit
Ip change project
Belchat@reddit
Moving clients to a new range perhaps
Dabnician@reddit
they might have changed the dhcp options
Fallingdamage@reddit
Or reboot the core switches.
wrt-wtf-@reddit
Won’t do anything. You need to cycle the interface that the devices are connected to.
tdhuck@reddit
Yup, this is what I do when I anticipate making changes, this of course assumes I have time to do this. My lease times are set to 24 hours.
If I have to make a change immediately (can't recall any time that this had to happen immediately). I'll make the DHCP changes needed, set the lease time to something low like 15 minutes, just in case I need to make another quick change, then I start deleting leases. While it might not work for online hosts, it does seem to work for offline hosts that are holding on to an IP that I don't want to be available for the next 24 hours. If the client is active on the network, I'll ask HD to get with the user and see when they can reboot the PC.
ranger_dood@reddit
If a client thinks its lease is good for 7 days, wouldn't it not check in at all for at least 3.5 days (assuming no reboots or network status change).
when_nerds_cry@reddit
Half as long, initial lease renewal attempt on dhcp is at the halfway point, anything online at that time will renew their lease, anything offline will just do it when they come back online, this is a safe method
Frothyleet@reddit
That behavior is true for the Windows DHCP client, I don't know if it's universal.
when_nerds_cry@reddit
Well it should be as this behavior for T1 is defined in RFC2131 the actual DHCP spec, so unless your client doesn't follow the actual DHCP specification you are pretty safe
Gadgetman_1@reddit
Older Cisco Videoconferencing units?
when_nerds_cry@reddit
Do older cisco videoconferencing units not follow the RFC spec for DHCP? idk the answer to that - most of our cisco gear responds as expected, I typically do this same process on my voice vlan's whenever we change scope or options and they always pick up the change at the half way mark as expected
Gadgetman_1@reddit
We had one that didn't behave, at least. It has long since been recycled, though, so it can no longer hurt any networks.
HappyVlane@reddit
It's true for everything that follows the RFC default values.
https://datatracker.ietf.org/doc/html/rfc2131#section-4.4
Frothyleet@reddit
Thank you, I couldn't find it when I skimmed the RFC a while back so I didn't know if it was actually prescribed behavior or just common practice.
nof@reddit
Renews start after 50% lease time. Should save a few hours/days/weeks depending on how insane the old policy was.
thepfy1@reddit
Set it to 1 second
bwalz87@reddit
I was thinking the same thing
apb91781@reddit
Change the base IP. Instead of 198.0.\*.\* to something like 198.1.\*.\*
nyckidryan@reddit
That won't force a renewal until 50% of the DHCP lease time has expired.
wrt-wtf-@reddit
If you’re desperate and don’t mind taking the hit, cycle the switch ports with a script or reboot the switches.
Pristine_Curve@reddit
If it is a planned change, reduce DHCP lease time ahead of the change.
If it is an unplanned change where you can't prepare in advance, restart the access layer switches.
Last resort, tell everyone to restart.
SirLoremIpsum@reddit
SECOND last resort
Last Resort is flipping the breakers to the building :)
engy1207@reddit
ah yes, the classic "the fastest way to shut down all the computers in a room is a short-circuit connector in the nearest outlet"...
Xoron101@reddit
Well shit, since covid everyone now has a laptop. So this won't work for us.
How about a solar flare?
engy1207@reddit
Reboot every access point. Preferably at the same time. When they reconnect they should get a new address (you don't have static WiFi addresses, do you?)
Alternatively rename every SSID...
vppencilsharpening@reddit
Dude, the last time we did this the electrician didn't want to touch it with a 10ft pole and I don't either.
It was turned off on a weekend planned well in advance. The electrician turning the breaker back on had to crank a handle a few times and then push a button to "flip" it back on.
He pushed the button with two wooden broom sticks taped together while looking the other way after clearing everyone from the room.
Apparently if it failed to turn back on the electric company was on 12-hour standby to cut the power at the pole so the breaker could be safely replaced.
patmorgan235@reddit
Ooh yeah, Google "arc flash" for what the guy was scared of
Azuras33@reddit
And tell them it's the electrical company's fault.
Pork_Bastard@reddit
i always love bouncing the switches for this task!
lazyhustlermusic@reddit
Describe the silly thing you did to put yourself in this situation
some_string_@reddit
Haha, YES!
Silver-Preparation20@reddit
Reboot your switches.
Evening_Plan_2302@reddit
ipconfig /release && ipconfig /renew
guitpick@reddit
We can't emphasize enough how important the && is if you're running this remotely or from a batch file on a network share. Splitting this into two lines disconnects before getting the renew.
wezu123@reddit
Nostalgia throwback to myself trying to restart the NIC, and getting myself locked out
SirLoremIpsum@reddit
I always knew there was a better way to do it but I never could be bothered to work out how...
I will file this away!
guitpick@reddit
Honestly, using a single `&` might be better in this case, as `&&` only runs the second part if the first one succeeds. If the `/release` errors out for some reason, you still might end up disconnected.
WhenTheDevilCome@reddit
Roses are red
Violets are blue
This line releases,
...
jeffrey_f@reddit
Rambo? Afterhours, drop the breakers and bring each area up a few seconds apart, except the data closet.
The nicer way? Drop the switches for about 30 seconds and bring them back up.
Likely the right way is to tell everyone to shut the computers off before they leave, but they won't all comply so dropping the switches for about 30 seconds and back on.
Talino@reddit
I’ve done this to switch subnet before. Created a new VLAN in the network core with its own DHCP and then for each endpoint switch, made the new VLAN untagged on the trunk from the core and rebooted the switch.
Hot-Comfort8839@reddit
```
$hosts = @("host1", "host2", "host3")
Invoke-Command -ComputerName $hosts -ScriptBlock { ipconfig /release; ipconfig /renew }
```
darthfiber@reddit
Why don’t you start with what you are trying to accomplish and your environment? If you are trying to change the IP scope for example you could configure a second address if your gateway supports it and configure a new scope.
tomasalves35@reddit
This
flaccidplumbus@reddit
Power cycle switches
flaccidplumbus@reddit
Flip a breaker
cbowers@reddit
Do you not have an agent installed that you can run a local command shell command with? For us, we could send an “ipconfig /release && ipconfig /renew” via an OS task in the ESET server console to all servers and endpoints; or send it via the ScreenConnect or Connectwise Automate console, or even the managed Velociraptor agent from the Rapid7 SIEM agent.
We completely re-segregated the network into additional subnets and VLANs with most endpoints not even noticing the 1 second blip.
Kapzlock@reddit
Reboot the switches 😈
russellbarrick@reddit
I have seen far too many answers before I got to the first person saying reboot the switch. This is the way and I will also add to blame a rogue emf storm if anyone notices.
Latter-Ad7199@reddit
You could fuck about trying to script remote commands or some shit
Or
Just reboot the access switches
orion3311@reddit
Power cycle the switches
landob@reddit
Last time i needed to do this i just powercycled the switches. Not fancy, but it worked
TrippTrappTrinn@reddit
New DHCP scope. Delete the old scope and let nature do the rest.
Head-Web-404@reddit (OP)
Computers will wait till the lease expires before trying to contact DHCP SERVER.
FrankNicklin@reddit
No, renegotiation starts at 50% of the lease time. A T1 request is sent at 50% lease time, then the next T2 at 87.5% of the lease time; if that fails then at 100% the device in theory loses the IP address.
dnuohxof-2@reddit
I never knew this about DHCP. Neat
uptimefordays@reddit
Yep DHCP leases use a half life!
ErrorID10T@reddit
In theory. There's always that one device where the manufacturer decided to put their own specification in for when and how it should renew, because not following standards is how you know you have a quality product.
ErrorID10T@reddit
Plan ahead, set your DHCP lease time really low, and then update the DHCP scope, options, or whatever. Alternatively if you have some sort of tool that can push out scripts or commands just manually run a command to do it.
DHCP renewal is initiated by the device, you have to instruct it when to renew either by manually renewing or giving it a specific lease time.
simonjakeevan@reddit
Wouldn't Ipconfig /release /renew work?
ErrorID10T@reddit
That's a horrible idea. You don't need the /release, you can just do /renew. /release, if anything goes wrong with the renewal process, can result in a whole bunch of computers offline that need to be manually fixed or rebooted to come back online.
Just ipconfig /renew is a better solution.
DekuTreeFallen@reddit
It is a bold strategy to ask for help with DHCP, and then to spend one of the few replies incorrectly trying to correct someone else on DHCP. Do you want the help or not?
I'm kidding, I know you didn't mean anything by it. It is still funny though because a few people in this thread have asked for more information about this x/y problem, and instead of replying to them, you spend the time with the above reply.
Question - did you manually configure these computers to be out of compliance with RFC 2131? Are these computers typical workstations or something else?
Head-Web-404@reddit (OP)
I gave more information under some comments here. Clients are workstations running windows 11.
techforallseasons@reddit
Typical is ~50% of lease time to "renew"; but they are not REQUIRED to follow that pattern.
Printers for example...
raip@reddit
Technically - it is part of the specification (RFC 2131) so they are required to do so. Whether or not they actually do is a completely separate question.
Zebra printers, for example. are a fucking nightmare. They don't even adhere to the appropriate DORA specification when you invalidate their lease, they'll just hold onto the existing one until you actually kill their network connection (and those wireless ones will keep their IP address even when they hit their lease expiration completely).
It's a large reason why in my previous org that we continued to setup static IPs for the Zebra printers even after all other devices were converted to DHCP + Reservations.
techforallseasons@reddit
Yeah -- cameras and HVAC controller can be similar. We set them up static and set a reservation in DHCP for record-keeping.
LUHG_HANI@reddit
Zebra industrial label printer reverting to DHCP is the stuff of nightmares.
rubmahbelly@reddit
If you need it pronto maybe write three lines in Powershell/CMD and push it via software deployment? Inform users upfront?
DULUXR1R2L1L2@reddit
So (in advance) set the lease time to a low number so they naturally expire, make your changes, test, change the lease time back.
raip@reddit
Clients actually contact the DHCP server at 50% to renew (or at 87.5% if T1 fails). If the lease is no longer valid (DHCP NACK), a good client would go through the DORA process again.
TrippTrappTrinn@reddit
Yes, that is the natural way. If you have client management, just push out ipconfig/renew.
Sobatjka@reddit
Yes.
curi0us_carniv0re@reddit
Unplug the switches 😅
twolfhawk@reddit
Expire all lease. Fortinet, unifi, watchguard, Cisco they all have a method
Head-Web-404@reddit (OP)
To force a client to expire his lease ? How
twolfhawk@reddit
Depends on the system. In WatchGuard System Manager it's literally right click the firewall and "expire lease"
For others it's CLI
Whole-Ad-3196@reddit
https://www.reddit.com/r/WatchGuard/comments/18jsy12/expire_lease_tool/
twolfhawk@reddit
So watchguard lied to me...
Whole-Ad-3196@reddit
Love how there is always someone who thinks there's some magical purge button on the Firewall/DHCP server that will do this without having to do anything on the client or caring about how DHCP actually works.
I.E Watchguard does not have a method; you can reboot, which can clear the lease pool, but the hosts still technically own the IP address they were originally assigned based on whatever the original lease was, or 50% whatever.
twolfhawk@reddit
Guess you never used cli. You are technically correct, lowering lease time will work when the existing lease ends. However, when you need to nuke it, you nuke it.
If you want to trigger all Windows devices- use powershell.
newtekie1@reddit
Have you tried turning the entire network off and back on again?
Spiritual-Yam-1410@reddit
Reset the DHCP scope? That'll force renew on next check-in. Or just reboot the switch they're on if you want chaos. What's the actual problem you're solving?
chasingpackets@reddit
Have a planned unplanned power outage in your MDF/IDFs and boot your access layer infrastructure.
It will all work itself out.
Weary_Patience_7778@reddit
Power cycle your switches :)
Ok-Butterscotch-4858@reddit
Just f it and reboot it 😂
thaneliness@reddit
Do you have said clients on an RMM? I personally would just execute a script. Here’s a simple one for PowerShell:
```
ipconfig /release
ipconfig /renew
```
howboutno55@reddit
Just make sure it's one script lol, I immediately imagined a case where some bonehead messes up and sends out release and renew as two separate scripts, the workstations process the release command and are no longer on the network to receive the renew command.
thaneliness@reddit
😂😂
Serapus@reddit
If only for security, printers should be on their own VLAN(s) and static if possible. Segment your network, but don't go bananas.
kooroo@reddit
power cycle the building.
LokiLong1973@reddit
Better even, power cycle the universe, just to be sure.
enigmaunbound@reddit
Throw a squirrel at the local power substation?
AlkalineGallery@reddit
This is the only correct answer in the entire thread.
FarmboyJustice@reddit
If the goal is just to get all clients to renew their existing leases, power cycle the switches.
If the goal is to force all clients to get new leases with new parameters, delete all the existing leases, then power cycle the switches.
NorthAntarcticSysadm@reddit
Restart the client access portion of the network stack
Or, plan well in advance and shrink DHCP lease
buck-futter@reddit
Send the command:
ipconfig /release && ipconfig /renew
I've noticed Windows clients sometimes don't fetch a new list of DNS servers when renewing the lease unless it was released first. So if you're changing your domain controller IP address and they're also the only DNS servers, you'll need to do this command or reboot every workstation.
Ok_Perception_294@reddit
Reboot the core switch during prod, issue resolved.
jdiscount@reddit
Not enough information
What type of clients?
Windows, Linux, MacOS, BSD, Solaris etc.
How do you manage them, what's your DHCP server.
Have you tried anything before making a low effort reddit post?
Head-Web-404@reddit (OP)
All windows and DHCP server is on The Firewall
jclimb94@reddit
Have you tried forcing an unexpected reboot?!?
Head-Web-404@reddit (OP)
Like I said before, this will require rebooting all the switches across the building, and some tiny switches are unmanaged so you have to know the building well and where every single switch is located
Wolfram_And_Hart@reddit
Active Directory?
```
Import-Module ActiveDirectory
$OU = "OU=Workstations,OU=Computers,DC=domain,DC=local"
$Computers = Get-ADComputer -Filter * -SearchBase $OU | Select-Object -ExpandProperty Name
foreach ($Computer in $Computers) {
}
```
StrikingPeace@reddit
change the DHCP and force reboot the clients
dathar@reddit
Have a live demo of the building's diesel generator switchover.
atw527@reddit
Cycle power to the building.
ferrybig@reddit
For modern IP, just push an IPv6 ICMP router advertisement with the old prefix set to a lifetime on 0 seconds and the new prefix they have to use with a lifetime in the future
Intrepid00@reddit
Power cycle all the switches
Foxk@reddit
Goverlan!
PH_PIT@reddit
ipconfig /release && ipconfig /renew - in the login script?
systonia_@reddit
set low dhcp lease time
remote powershell to ipconfig /renew
GPO with a runonce scheduled task to ipconfig /renew
turn switchports off/on
reboot clients
reboot switches
Powercycle entire building
ccsrpsw@reddit
If you are moving machines to a new subnet rather than just renewing their addresses, dropping the network on the switch side is the only way to force it (shut/no shut on the port) realistically. (Just been through this with a re-iping of a whole site).
If you just want to refresh the pool and can reach the machine then a:
Is probably your only other alternative (there's probably a typo in there since I just threw it together in the Reddit editor, not VSCode)
Omadon667@reddit
I think this is the best answer, as its the one I always used to use. 😃
SylvainLafrance@reddit
By far the most interesting solution 👍
ParticularDonut7555@reddit
Go to your DHCP console, select the scope, and delete the current leases. What happens: The next time a client talks to the network (or when their half-lease time hits), the server will tell them their old IP is gone and force a new DORA process
unnecessary-ambition@reddit
And when the new lease issues an address that a different client is still using because it's not at its half-lease time yet, that's when the real fun begins.
kribg@reddit
This seems like a great way to get duplicate IP addresses assigned. Since the dhcp server no longer has a history of what was assigned and some machines will still have the old address for a while you can get overlap.
Sgt_Blutwurst@reddit
Millzee69@reddit
Why? First question I’d ask, then plan accordingly. Are clients over VPN, local etc… Can gateway be changed temporarily to force new addresses? I’d set what’s existing lease time. New network/VLAN etc?
The main question still stands - why?
ultradip@reddit
Set the DHCP expiration to 1 hour?
pdp10@reddit
One does not simply force DHCP and WiFi clients into anything. You have to make them want to do it.
Depending on what you're trying to solve, you could send IPv6 Router Advertisements and give everything a new or additional IPv6 address in 5 to 10 seconds, though.
hornethacker97@reddit
I just want to know why a medium size business’ LAN doesn’t have IP scavenging enabled in DNS 🤦♂️
rswwalker@reddit
So many people suggesting rebooting switches don’t seem to realize how disruptive that is! Most enterprise switches take time to restart and if they are stacked it could take even more time. There are also WiFi APs getting PoE from those switches which will also reboot.
Do not reboot switches.
You can either, a) wait for clients to auto renew, and reduce lease time for the future if it's too long, or b) push an Intune script or GPO immediate task to do an ipconfig /renew. You don’t need an ipconfig /release if you’re not changing IP subnets and it is also disruptive, might as well ask users to reboot.
Grand_rooster@reddit
If windows machines then run a script on a loop.
Ipconfig /renew
I use sysquerypro to help multitask.
Need_no_Reddit_name@reddit
If you know the names of the devices, and you have Remote management set up correctly, a script (or scripts) will do the trick.
For example, if they are Windows devices and you have WinRM and PSRemoting enabled (and the correct permissions set up), then you could pull the list of computers from AD and have the script run through the list using Invoke-Command to run ipconfig /renew.
If that will not work, then do as others have suggested and change your DHCP lease time.
mymonstroddity@reddit
If they are managed, deploy a task to execute command ipconfig /release && ipconfig /renew
easy peezy
mymonstroddity@reddit
But also remember to clear the dhcp reservations first
redtollman@reddit
In a past life I’d: psexec /s @hosts.txt ipconfig /renew
ender-_@reddit
`psexec -h -u YOURDOMAIN\administrator \\* ipconfig /renew` (don't do this)
thomasmitschke@reddit
Disconnect them from the switches: port disable and then enable. 2 commands per stack.
djmonsta@reddit
Disable DHCP scope. Wait 10 mins. Reenable DHCP scope.
/s
(Seriously, don't do this).
antomaa12@reddit
If you can, you could do it with PSExec, or if you can get a CSV with all computer names / IPs, you could create a small PowerShell script which does a ForEach and executes the DHCP force renew command via PS-Sessions.
no_your_other_right@reddit
If they are all or mostly Windows endpoints, use Powershell.
```powershell
Invoke-CimMethod -ComputerName "RemotePCName" -Namespace "root\cimv2" -ClassName "Win32_NetworkAdapterConfiguration" -MethodName "RenewDHCPLeaseAll"
```
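The remote-renew approach suggested above by Need_no_Reddit_name, antomaa12 and no_your_other_right, as an added example that is not part of any poster's comment: it runs under the operator's existing WinRM/CIM session rather than handing a domain administrator account to every host, skips the release step, and pauses a random interval between batches so the DHCP server is not hit by every client at once. The host names, batch size, jitter and CSV path are assumptions.

```powershell
# Added example: renew DHCP leases on many Windows hosts over WinRM/CIM.
# Host names below are constructed samples; replace with your own list,
# e.g. (Get-ADComputer -Filter 'Enabled -eq $true').DNSHostName
param(
    [string[]]$ComputerName = @('pc-001.example.test', 'pc-002.example.test'),
    [int]$BatchSize = 25,        # hosts contacted before each pause
    [int]$MaxJitterSeconds = 20  # upper bound of the random pause between batches
)

$results = @(for ($i = 0; $i -lt $ComputerName.Count; $i += $BatchSize) {
    $last  = [Math]::Min($i + $BatchSize, $ComputerName.Count) - 1
    $batch = $ComputerName[$i..$last]

    foreach ($computer in $batch) {
        try {
            # Static WMI method: renews every DHCP-enabled adapter, no release first.
            $r = Invoke-CimMethod -ComputerName $computer -Namespace 'root\cimv2' `
                -ClassName 'Win32_NetworkAdapterConfiguration' `
                -MethodName 'RenewDHCPLeaseAll' -ErrorAction Stop
            [pscustomobject]@{ Computer = $computer; ReturnValue = $r.ReturnValue; Error = $null }
        }
        catch {
            # Host unreachable, WinRM disabled, access denied, and so on.
            [pscustomobject]@{ Computer = $computer; ReturnValue = $null; Error = $_.Exception.Message }
        }
    }

    # Spread the load on the DHCP server; no pause after the final batch.
    if ($last -lt $ComputerName.Count - 1 -and $MaxJitterSeconds -gt 0) {
        Start-Sleep -Seconds (Get-Random -Minimum 1 -Maximum ($MaxJitterSeconds + 1))
    }
})

# ReturnValue 0 = success, 1 = success but reboot required; anything else failed.
$failed = @($results | Where-Object { $_.Error -or $_.ReturnValue -notin 0, 1 })
$results | Export-Csv -Path .\dhcp-renew-results.csv -NoTypeInformation
'{0} of {1} hosts renewed; {2} need follow-up' -f `
    ($results.Count - $failed.Count), $results.Count, $failed.Count
$failed | Format-Table -AutoSize
```

A host whose renewal hands it a different address will usually drop the session mid-call and show up in the follow-up list even though the renew took effect, so check those against the DHCP server's lease table before retrying.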
Creative_Progress803@reddit
If the addresses are from a DHCP lease, I'd set the lease time to 10 minutes, go get a coffee and set the lease back to whatever value it was prior to my changing.
samueldawg@reddit
Script to bounce all switch ports on all switches - except trunks
admlshake@reddit
Step 1. Find the breaker panel...
Master-IT-All@reddit
I issue a command in RMM.
guitpick@reddit
If these are Windows machines, psexec or schedule a one-time task in group policy to do an `ipconfig /renew`. A `FOR /L` loop in an interactive command prompt running as admin can knock out a bunch at once for an IP range.

```bat
for /L %C in (1,1,254) DO c:\sysinternals\psexec.exe \\192.168.0.%C ipconfig /renew
```

If you're trying to do this because you staged a new DHCP server, be aware that sometimes Windows clients (not sure if it's all versions or not) will ignore responses from DHCP servers at a different IP than the issuing server until it thinks the old lease expired or is forcefully released and then renewed. Also, if you run them all at once, having this many clients in sync could be a little annoying for DHCP server load purposes until they drift, but shouldn't really be that bad for 500 nodes.
Binestar@reddit
Is this an X-Y problem? Why are you doing it? Are you changing the network settings? the netmask? The entire range?
Preferably you would lower the Lease Duration on your DHCP server to something low like 5-10 minutes. Let the existing reservations time out. When you're ready to make the change, do so and let the reservations renew on the new range.
Use your RMM to send a script? Reboot switches?
ThatBCHGuy@reddit
Use your configuration management tool to release renew.
kyleharveybooks@reddit
Change the vlan on your switch for the new scope… then shut no shut the ports.
Darkace911@reddit
Power outage! Throw the main breaker! The real answer is to change your DHCP timings to 8 hours, you can delete reservations if they are set to something dumb like 7 days if you are in a hurry.
Eiodalin@reddit
What is your current DHCP Lease expiry set for?
kona420@reddit
Identify all uplink ports, use python to loop through port by port and bounce link state.
discgman@reddit
Add a logon script to release and renew the IP address for everyone. Force everyone to reboot. Leave it on for a day or so, then disable.
Fit_Prize_3245@reddit
Turn off your switches
DJDoubleDave@reddit
If we knew what circumstances make this necessary it would inform the answer. Are you changing the address scheme? Trying to push out new DHCP scope options? Something else?
The easiest way is of course to do nothing and wait for the lease time. This isn't a thing you typically need to do manually. If you're planning a future time sensitive change, you can temporarily turn that lease time way down, but you need to do that early enough for the existing leases to expire so everyone gets the new, shorter lease.
The quickest way will probably be to push out a script with whatever endpoint management system you use.
MoreTHCplz@reddit
You should really just switch everyone to IPv6 while you are at it
mauiadmin@reddit
Using GPO: Deploy autotask every hour with a ps1 inside. Ps1 with this line "ipconfig /release && ipconfig /renew". Intune: you can deploy the ps1 as app or use a remediation.
BrainWaveCC@reddit
Because?
pentangleit@reddit
A lot of people here assuming you only have 100% DHCP clients on your network.
Ruachta@reddit
Make whatever DHCP changes you need to make. Then depending on your management platform I would do the following on all access ports on all switches. Our environment is all 48's with the trunk on higher ports.
interface range GigabitEthernet1/1/1 - 1/1/48
shutdown
no shut
hobovalentine@reddit
Context?
Why do you need all clients to renew their IP address?
apalrd@reddit
- Add new IP prefix to Router Advertisement, apply, wait a bit to let clients pick up their new IP and start using both prefixes at the same time
- Set old IP prefix in Router Advertisement config to set Valid to zero seconds, apply, let clients deprecate their old IP and stop using it
- Once clients have forgotten their old IP, you can remove it entirely from the RA config, and remove routes to it as well
TravelingNightOwl@reddit
Do you want to provide some context here? What is the driving force behind wanting/needing clients to renew their IP address?
illicITparameters@reddit
Change the lease time on your current scope to 2 minutes, let all the clients get the new lease time, make the new scope, delete old scope. Done.
konoo@reddit
I have used Connectwise Control in the past to execute a function like this.