How to Force DHCP Server to Renew Client IP Without Client-Side Intervention


3 views

In enterprise environments, we often encounter situations where we need to modify a client's assigned IP address in the DHCP server configuration (dhcpd.conf) but cannot access the client machine to release/renew its lease. Here's a technical deep dive into solving this problem.

When a client first connects to the network, it receives an IP address through the DORA process (Discover, Offer, Request, Acknowledge). The lease duration is determined by:

default-lease-time 600;
max-lease-time 7200;

Once assigned, the client will only request renewal at 50% of lease time (T1) and 87.5% (T2).

Option 1: Restart DHCP Service

For ISC DHCP Server:

# systemctl restart isc-dhcp-server
# or
# /etc/init.d/isc-dhcp-server restart

Option 2: Clear Specific Lease

Locate the lease file (typically /var/lib/dhcp/dhcpd.leases) and remove the specific entry:

# grep -A 10 "client-mac-address" /var/lib/dhcp/dhcpd.leases
# nano /var/lib/dhcp/dhcpd.leases
[Delete the relevant lease block]
# systemctl restart isc-dhcp-server

The ISC DHCP server provides OMAPI for programmatic control:

# Install omshell if needed
# apt-get install ominsite

$ omshell
> server localhost
> port 7911
> key omapi_key "your-key-here"
> connect
> new lease
> set ip-address = 192.168.1.100
> set hardware-address = 00:11:22:33:44:55
> open
> set ends = "new-date-here"
> update
> quit

Create a force-renew script (force_renew.sh):

#!/bin/bash
MAC=$1
NEW_IP=$2

# Find and remove lease
LEASE_FILE="/var/lib/dhcp/dhcpd.leases"
TMP_FILE="/tmp/dhcpd.leases.tmp"

awk -v mac="$MAC" 'BEGIN {RS="}\n"; ORS="}\n"} !index($0,mac)' $LEASE_FILE > $TMP_FILE
mv $TMP_FILE $LEASE_FILE

# Update config if needed
sed -i "/$MAC/{n;s/.*/  fixed-address $NEW_IP;/}" /etc/dhcp/dhcpd.conf

# Restart service
systemctl restart isc-dhcp-server

If you control the network infrastructure:

  • Port shutdown/restart on the switch
  • ARP cache poisoning (not recommended for production)
  • 802.1X reauthentication if using NAC

1. Some DHCP implementations (Windows Server) maintain persistent lease databases
2. Lease files may be binary in some implementations
3. Always backup lease files before modification
4. Consider DHCP snooping configurations that might interfere

In network administration, there are situations where you need to force a DHCP server to renew a client's IP address without accessing the client machine. This typically occurs when:

  • A new MAC-to-IP mapping is added to dhcpd.conf
  • The client currently holds a random IP (A) but should switch to a reserved IP (B)
  • You cannot modify lease times or reboot any machines

Here are the most effective approaches to achieve this:

Method 1: DHCP Server Lease Manipulation

For ISC DHCP servers, you can directly manipulate the lease database:


# Locate the lease file (typically /var/lib/dhcp/dhcpd.leases)
# Find the client's current lease using its MAC address
# Then force the server to re-read configurations:
sudo systemctl restart dhcpd.service

Method 2: Using dhcpd-pools Tool

The dhcpd-pools package provides utilities to interact with active leases:


# Install the tool (Debian/Ubuntu):
sudo apt-get install dhcpd-pools

# Force lease renewal for specific MAC:
sudo dhcpd-pools -c /etc/dhcp/dhcpd.conf -l /var/lib/dhcp/dhcpd.leases \
  --release --mac 00:11:22:33:44:55

Method 3: DHCP Server Commands

Some DHCP servers support administrative commands:


# For ISC DHCP server with omapi enabled:
omshell <<EOF
server localhost
port 7911
connect
new lease
set ip-address = 192.168.1.100
set hardware-address = 00:11:22:33:44:55
open
set ends = 1
update
EOF
  • Always backup dhcpd.conf and lease files before modifications
  • Changes might take 1-2 minutes to propagate depending on server configuration
  • For Windows DHCP servers, use PowerShell cmdlets instead

If the IP doesn't change immediately:


# Check server logs:
journalctl -u dhcpd -f

# Verify client still active:
dhcp-lease-list

# Force ARP cache update on router (if needed):
arp -d client-ip-address