diff --git a/src/eap_peer/eap_tnc.c b/src/eap_peer/eap_tnc.c
index c560015..78c25db 100644
--- a/src/eap_peer/eap_tnc.c
+++ b/src/eap_peer/eap_tnc.c
@@ -72,14 +72,16 @@ static void eap_tnc_deinit(struct eap_sm *sm, void *priv)
 static struct wpabuf * eap_tnc_build_frag_ack(u8 id, u8 code)
 {
 	struct wpabuf *msg;
+	u8 flags = EAP_TNC_VERSION;
 
-	msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TNC, 0, code, id);
+	msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TNC, 1, code, id);
 	if (msg == NULL) {
 		wpa_printf(MSG_ERROR, "EAP-TNC: Failed to allocate memory "
 			   "for fragment ack");
 		return NULL;
 	}
 
+	wpabuf_put_u8(msg, flags); /* Flags */
 	wpa_printf(MSG_DEBUG, "EAP-TNC: Send fragment ack");
 
 	return msg;
@@ -228,12 +230,14 @@ static struct wpabuf * eap_tnc_process(struct eap_sm *sm, void *priv,
 
 	end = pos + len;
 
-	if (len == 0)
-		flags = 0; /* fragment ack */
-	else
-		flags = *pos++;
+	if (len == 0) {
+		wpa_printf(MSG_DEBUG, "EAP-TNC: 0 payload");
+		return NULL;
+	}
+
+	flags = *pos++;
 
-	if (len > 0 && (flags & EAP_TNC_VERSION_MASK) != EAP_TNC_VERSION) {
+	if (len > 1 && (flags & EAP_TNC_VERSION_MASK) != EAP_TNC_VERSION) {
 		wpa_printf(MSG_DEBUG, "EAP-TNC: Unsupported version %d",
 			   flags & EAP_TNC_VERSION_MASK);
 		ret->ignore = TRUE;
@@ -261,8 +265,8 @@ static struct wpabuf * eap_tnc_process(struct eap_sm *sm, void *priv,
 	wpa_printf(MSG_DEBUG, "EAP-TNC: Received packet: Flags 0x%x "
 		   "Message Length %u", flags, message_length);
 
-	if (data->state == WAIT_FRAG_ACK) {
-		if (len != 0) {
+	if (data->state == WAIT_FRAG_ACK && flags == EAP_TNC_VERSION) {
+		if (len != 1) {
 			wpa_printf(MSG_DEBUG, "EAP-TNC: Unexpected payload in "
 				   "WAIT_FRAG_ACK state");
 			ret->ignore = TRUE;