Captive Portal Allowlist
Omada pre-authentication access for PaySpot
Add only the domains customers need before authentication. This lets PaySpot and checkout load inside the captive browser without accidentally bypassing the portal.
When this is needed
- Users must open PaySpot before they are authenticated on the hotspot.
- The captive page has a Buy Voucher button.
- Paystack checkout must load inside the captive portal browser.
- Omada is using External Web Portal for RADIUS/account access.
Where to configure it
- Omada v5.9 to v6: Site Settings -> Authentication -> Portal -> Access Control.
- Omada v6.2+: Site View -> Network Config -> Authentication -> Portal -> Access Control.
- Enable Pre-Authentication Access, click Add, choose URL or IP Range, then Save and Apply.
PaySpot imported portal entries
- Imported PaySpot HTML runs from Omada, so the HTML file itself does not need an allowlist entry.
- Add payspot.abdxl.cloud so the Buy Voucher link can open before authentication.
- Add the tenant custom PaySpot domain too, if one is used.
- Add a separate portal host only when the page is hosted outside Omada instead of imported.
- Use URL entries for hostnames; use IP Range only for local controller or gateway addresses.
Minimum entries
- payspot.abdxl.cloud
- Tenant custom domain, if used, for example wifi.example.com
- Custom portal host, if different from PaySpot
Payment checkout entries
- checkout.paystack.com
- paystack.com
- *.paystack.com, only if the controller supports wildcard or domain-suffix entries
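A way to review a pre-authentication list against the entries above before saving it. This is an added example, not PaySpot or Omada code: the `(kind, value)` entry shape, the function name, and the treatment of "local controller or gateway addresses" as RFC 1918 ranges are assumptions made for the example.

```python
import ipaddress

# Hostnames this page lists as needed before authentication.
REQUIRED = {"payspot.abdxl.cloud", "checkout.paystack.com", "paystack.com"}
# Suffix entry the page permits when the controller supports wildcards.
WILDCARDS_OK = {"*.paystack.com"}
# Assumption: "local controller or gateway" means RFC 1918 space.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_allowlist(entries, tenant_hosts=()):
    """Audit (kind, value) pairs; kind is "url" or "ip" (hypothetical
    shape for this example, not an Omada export format).
    Returns (findings, missing_required_hosts)."""
    tenant = {h.lower() for h in tenant_hosts}
    expected = REQUIRED | WILDCARDS_OK | tenant
    findings, seen = [], set()
    for kind, raw in entries:
        value = raw.strip().lower()
        if kind == "url":
            seen.add(value)
            if value.startswith("*.") and value not in WILDCARDS_OK:
                findings.append((value, "wildcard broader than documented"))
            elif value not in expected:
                findings.append((value, "host not needed before authentication"))
        elif kind == "ip":
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append((value, "not a valid IP range"))
                continue
            if not any(net.version == n.version and net.subnet_of(n)
                       for n in LOCAL_NETS):
                findings.append((value, "IP range is not a local address"))
        else:
            findings.append((value, "unknown entry type"))
    return findings, sorted((REQUIRED | tenant) - seen)

# Constructed sample input, not taken from a real controller.
SAMPLE = [
    ("url", "payspot.abdxl.cloud"), ("url", "checkout.paystack.com"),
    ("url", "*.paystack.com"), ("url", "*.com"),
    ("url", "cdn.example.net"),
    ("ip", "192.168.0.1/32"), ("ip", "0.0.0.0/0"),
]

if __name__ == "__main__":
    findings, missing = audit_allowlist(SAMPLE, tenant_hosts=["wifi.example.com"])
    for value, reason in findings:
        print(f"REVIEW  {value}: {reason}")
    for host in missing:
        print(f"MISSING {host}")
```

Entries flagged for review are the ones that would let unauthenticated clients reach more than PaySpot and checkout; missing entries are the ones that would stop the Buy Voucher flow from loading.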
External RADIUS browserauth note
In External Web Portal mode, PaySpot sends the browser back to Omada's /portal/radius/browserauth endpoint. If the client browser cannot submit to the controller, add the controller IP or hostname shown in Omada's target parameter.