Starlink Stats Page

Solved
Moorera
Here to help

Starlink Stats Page

Has anyone managed to access Starlink Stats from the LAN side of their MX?  I can see packets leave the MX but never return when I use the capture capability on the MX for this.  I suspect the Firewall is dropping had a ticket open with Meraki but then got busy at work and wasn't able to follow up.  Though in the back and forth I did have going on with them before getting busy the thought was the MX is delivering the packet out its WAN interface following the 0.0.0.0 route and it should not be Meraki.  If I look at other routers they always have to define a static route to 192.168.100.0/24 out their WAN interface to make this work (Which I guess adjust's their Firewall rules for inbound).

 

I believe I need to build an inbound rule and static route but that doesn't seem possible as static routes are only for LAN interfaces and you cannot create an inbound for IPv4.

 

Thoughts?

Regards

Screenshot 2022-05-07 at 11.04.56.pngScreenshot 2022-05-07 at 11.05.49.png

1 Accepted Solution
Brash
Kind of a big deal
Kind of a big deal

Static routes can only be added to the MX where the next hop is on a local subnet.

From what I've read, most people are working around this by placing a switch between dishy and the MX. They then connect both the MX's WAN port and LAN port to the switch, and create a vlan on the MX with the 192.168.100.x subnet in order to reach the stats page.

 

Can't say its elegant but apparently it works...

View solution in original post

10 Replies 10
ww
Kind of a big deal
Kind of a big deal

All unknown destinations  follow the default route. In you case the wan/nat interface. Packets are going out but nothing comes back. That makes me think its a starlink side problem

 

If you connect a pc directly  to starlink can you access the stats ip?

Brash
Kind of a big deal
Kind of a big deal

Static routes can only be added to the MX where the next hop is on a local subnet.

From what I've read, most people are working around this by placing a switch between dishy and the MX. They then connect both the MX's WAN port and LAN port to the switch, and create a vlan on the MX with the 192.168.100.x subnet in order to reach the stats page.

 

Can't say its elegant but apparently it works...

Moorera
Here to help

Thanks this was what I was thinking but couldn't bring myself to build this. Guess I have to now as I cannot think of anything else.  🙂

 

KarstenI
Kind of a big deal
Kind of a big deal

And don't forget a strict access-control from this VLAN as it is outside of your network.

Moorera
Here to help

Thanks... This solution still have challenges.  If I have a device on that VLAN then I can read the stats page. If I am on another VLAN I cannot. It looks like that DISHY must have some ARP issues as it can never return the packet to a off VLAN device as it never finds a gateway.

Brash
Kind of a big deal
Kind of a big deal

That's a good point. By the sound of it, the dishy stats interface doesn't have a default gateway, so you won't be able to reach it from other subnets.

This is where an outbound NAT rule would resolve this, however Meraki MX's do not support outbound NAT on a LAN interface.

Moorera
Here to help

That lack of outbound NAT I think is the challenge.  I'm going to stick with this setup and start a nano-pi-w and see if I can plug in a Mirco Usb LAN interface (gotta find one first) and use that to act as a VNC accessbile bridge like device.  I can connect to the Pi via WiFi and access the stats page from it via the Micro USB Ethernet link. I know I have some connectivity problems and really want the stats to help troubleshoot.

KarstenI
Kind of a big deal
Kind of a big deal

I would put the Pi into this DMZ-like network and run a proxy server on it. With that you don’t have to explicitly connect to the Pi wireless.

Moorera
Here to help

Hey I like that idea.  I've ordered a micro usb RJ45 ethernet adapter.  When I get that I'll have a look and see what I can do.  Only wish this was more a API than a l web page... 

jbright
A model citizen

I have a router running OpenWRT between the Dish and the WAN interface on my MX.

The router has a static route in it pointing back to the dish.

This allows anything on the LAN side of the MX to reach the IP address of dish (192.168.100.1).

Here's what the static route looks like.

 

route.png

 

Since Starlink started enforcing only one IP address per dish, the router also acts a NAT device, allowing multiple devices, including the MX, to all access the Starlink network simultaneously. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels