Sorta Sad Panda – End Of Support Life for Some Netscreen/SSG routers

I was just looking up some Juniper gear I saw in a local auction… and discovered that the wheels of progress are indeed rolling along.

According to the Hardware EOS Milestone page, the NetScreen 5XT and 5GT, cute little firewall/vpn boxes that seem to be all over the place, reach their end of support life on June 30th and December 31st, 2013, respectively. Considering they were announced as EOL about 5 years ago, this isn’t a big surprise.

I was a bit concerned when the same page reported that the replacement products, the SSG-5 and SSG-20, had their EOL announced in December 2011, and their “Last Date to Convert Warranty” and “Same Day Support Discontinued” date is April 29th of this year (4 weeks away). But it looks like this only applies to the Japan, Korea, and Taiwan versions. Whew.

However, some further digging… and I see ScreenOS is on its own End Of Life path… 6.1 is gone, 6.2 has through the end of 2013, and 6.3 is gone at the end of 2015.

I actually use an SSG-20 with the ADSL2+ PIM for my store’s Internet connection… and while it’s not under warranty and I don’t expect to need support, this did make me wonder what I should consider for my next CPE need.

I’d be tempted to put together an SRX240 with DOCSIS and ADSL2+, but best price I can imagine for that is $2k or so, which is more than I want to spend on this project. So maybe I’ll drive the SSG-20 into the ground, and deal with the problem when it arises. There’s always a spare ADSL2+ modem in the cabinet just in case…

Why so blue, panda bear?

I’m not all that sad, to be honest. But I have a habit of going with old technology until it no longer does what I need. Or until it’s cheaper to replace than to maintain, which can be the same thing.

Heck, I have actually installed Windows XP in the past month… and it stops getting updates any day now. And I’m used to far worse support prognoses–I’m looking at you, Cisco Linksys, with the “it’s a year old? Oh, no updates for you!” policies on a lot of your home network gear (wouldn’t be so bad if it was stuff that can run DD-WRT or OpenWRT… but RV042 and the like aren’t a fit there).

Anyway, this gear has had a good run, in the market and in my own environment. So I’ll keep an eye out for new and better gear within a minimal budget, and see where the world takes my networks.

Cheap Gigabit Ethernet Switch – Woohoo

I picked up an insanely cheap Gigabit Ethernet switch this weekend on a junkshop run with a new coworker and an old friend.

It’s a 3com 3C16486 Baseline Switch 2848-SFP Plus that features 48 1000Base-TX ports, four of which are split-personality with SFP module bays alongside the TX ports. It’s web-manageable, for some value of web-manageable, has cable diagnostics built in, and I bought it for far less than I spend on retail brewed coffee in the average month (somewhere between the cost of a Linksys 5 port and Linksys 8 port gigabit switch).

Yes, it’s discontinued, but so are most of my home computing items. I probably have a 3 foot stack of black-and-blue Linksys gear, some pre-Cisco and some post-Cisco. I just figured if I ever get around to building my home lab up, a switch that can do link aggregation and snmp would be good. And it will probably go in an enclosed rack anyway, maybe even in the patio closet.

Anyway, first thing I do when I get a piece of gear, after inspecting and resetting any configuration, is to find the latest firmware and flash it. This wasn’t the easiest thing to do; I found some update pages that offered me the Discovery utility and the firmware update if I just linked a support contract to my 3com web account.

Some creative googling found earlier links on 3com’s site, pointing toward their FTP site which had outdated versions that were older than my current version. A bit of further searching found an earlier version of the Updates page which gave me a newer version of the firmware, v1.0.3.3.

Turns out the default/post-reset IP address is on a sticker on the switch, according to the Users Guide, so I didn’t need the Discovery utility, which I had found at a similar link. Just as good, as it did not seem to run on Windows 7 even in “Windows 95” compatibility mode.

So I plugged my Windows 7 laptop (32-bit) into the switch, used a 169.254 address to hit the switch, and tried uploading the new firmware. It kept losing connectivity to the switch, then the http session would fail as if it timed out, then pings would come back and I could get back to the failsafe screen and start over.

I found a German page that told me to use IE. I had thought of that, but I rebooted Windows 7 (with new AV, which I had tried turning off along with the firewall), loaded IE, and got the same behavior.

I can’t really say why, but going back to Windows XP on an older laptop and running Internet Explorer to do the upload made the upgrade work. I’m now up and running with a nice 48-port switch that is overkill for anything I might want to do, and I have a good reason to keep that XP machine handy in the future.

Next step is to see if I can find another one or two of them for the same price… although I should also mess with the Cisco 1711 I got with analog module… why did I do that? Oh yeah, it might take the DSL module.


Afterthought (2/15/11): I went back and grabbed the other two that were available. One came with a 3com-blessed SX SFP module. Not too bad.