| Identifier | Attribute name | Attribute ID | Attribute type | Extensions | Meaning | Used by the following LCOS module |
| ATTRIBUTE | LCS-Traffic-Limit | 1 | integer | | Defines the data volume in bytes after which the device automatically ends the session. This value is useful for volume-limited accounts. If this attribute is missing in the authentication response, it is assumed that no volume limit applies. A traffic limit of 0 is interpreted as an account which is principally valid, however with a used-up volume budget. The device does not start a session in this case.
Should the traffic limit be higher than the 4 GiB that can be represented here, use the attribute 'LCS-Traffic-Limit-Gigawords'. | Public Spot |
| ATTRIBUTE | LCS-Mac-Address | 2 | string | | MAC address of your device | Public Spot |
| ATTRIBUTE | LCS-Redirection-URL | 3 | string | | This can contain any URL that is offered as an additional link on the start page. This can be the start page of the user or a page with additional information about the user account. | Public Spot |
| ATTRIBUTE | LCS-Comment | 4 | string | | Contains the comment about the user account. | Public Spot |
| ATTRIBUTE | LCS-Account-End | 5 | integer | | Defines an absolute point in time (measured in seconds since January 1, 1970 0:00:00) after which the account becomes invalid. If this attribute is missing, an unlimited account is assumed. The device does not start a session if its internal clock has not been set, or the given point in time is in the past. | Public Spot |
| ATTRIBUTE | LCS-WPA-Passphrase | 6 | string | | Contains the WPA passphrase for the user account (WLAN client MAC address). Is used in conjunction with LEPS (LANCOM Enhanced Passphrase Security). | WLAN (LEPS) |
| ATTRIBUTE | LCS-PbSpotUserName | 7 | string | | Contains the name of a Public Spot user for auto-login. Auto-login refers to the table of MAC authenticated users who are automatically assigned usernames by the server. | Public Spot |
| ATTRIBUTE | LCS-TxRateLimit | 8 | integer | | Defines the maximum downstream rate in kbps. This restriction may be combined with the corresponding Public Spot function. | Public Spot |
| ATTRIBUTE | LCS-RxRateLimit | 9 | integer | | Defines the maximum upstream rate in kbps. This restriction may be combined with the corresponding Public Spot function. | Public Spot |
| ATTRIBUTE | LCS-Access-Rights | 11 | integer | | Access rights given to a device administrator for the RADIUS-based login. | Device login |
| ATTRIBUTE | LCS-Function-Rights | 12 | integer | | Privileges given to a device administrator for the RADIUS-based login. | Device login |
| ATTRIBUTE | LCS-Advertisement-URL | 13 | string | | Specifies a comma-separated list of advertisement URLs. | Public Spot |
| ATTRIBUTE | LCS-Advertisement-Interval | 14 | integer | | Specifies the interval in minutes after which the Public Spot reroutes a user to an advertisement URL. With an interval of 0 forwarding occurs directly after login. | Public Spot |
| ATTRIBUTE | LCS-Traffic-Limit-Gigawords | 15 | integer | | Contains the upper 32 bits of the traffic limit. | Public Spot |
| ATTRIBUTE | LCS-Orig-NAS-Identifier | 16 | string | | For forwarded RADIUS requests, this contains the original NAS identifier (prior to the forwarding). | RADIUS server |
| ATTRIBUTE | LCS-Orig-NAS-IP-Address | 17 | ipaddr | | For forwarded RADIUS requests, this contains the original IPv4 NAS address (prior to the forwarding). | RADIUS server |
| ATTRIBUTE | LCS-Orig-NAS-IPv6-Address | 18 | ipv6addr | | For forwarded RADIUS requests, this contains the original IPv6 NAS address (prior to the forwarding). | RADIUS server |
| ATTRIBUTE | LCS-IKEv2-Local-Password | 19 | string | has_tag,encrypt=2 | Contains the local PSK used in the context of IKEv2. This attribute is transmitted in an encrypted state. | VPN / IKEv2 |
| ATTRIBUTE | LCS-IKEv2-Remote-Password | 20 | string | has_tag,encrypt=2 | Contains the remote PSK used as a part of IKEv2. This attribute is transmitted in an encrypted state. | VPN / IKEv2 |
| ATTRIBUTE | LCS-DNS-Server-IPv4-Address | 21 | ipaddr | | Contains the IPv4 DNS servers announced via Config Payload as a part of IKEv2. | VPN / IKEv2 |
| ATTRIBUTE | LCS-VPN-IPv4-Rule | 22 | string | | Contains the IPv4 network rule(s) used as a part of IKEv2.
Example: 10.1.1.0/24,10.2.0.0/16 * 172.32.0.0/12 | VPN / IKEv2 |
| ATTRIBUTE | LCS-VPN-IPv6-Rule | 23 | string | | Contains the IPv6 network rule(s) used as a part of IKEv2.
Example: 2001:db8:1::/48 * 2001:db8:6::/48 | VPN / IKEv2 |
| ATTRIBUTE | LCS-Routing-Tag | 24 | integer | | Contains the routing tag used to connect to the remote site as a part of IKEv2. | VPN / IKEv2, PPP, L2TP, etc. |
| ATTRIBUTE | LCS-IKEv2-IPv4-Route | 25 | string | | Contains the IPv4 route(s) announced via Config Payload as a part of IKEv2.
Example: 192.168.1.0/24 | VPN / IKEv2 |
| ATTRIBUTE | LCS-IKEv2-IPv6-Route | 26 | string | | Contains the IPv6 route(s) announced via Config Payload as a part of IKEv2.
Example: 2001:db8::/64 | VPN / IKEv2 |
