What are vendor-specific TLVs with 00,10,18 OUI for?

Chris Phoenix cphoenix
Sun Feb 5 22:55:36 PST 2012

Two devices - a cell phone with a Huawei chip, and an iPad - send a
vendor-specific TLV as part of their Authenticate request packet.

The TLV is 0xdd, 0x09, 0x00, 0x10, 0x18, 0x02, 0x00, 0x00, 0x01, 0x00,
0x00. WireShark says this is a Broadcom TLV, type 2, length 9.

My Belkin router sends a TLV with the same OUI, but type 1 and length 6.
0xdd, 0x06, 0x00, 0x10, 0x18, 0x01, 0x00, 0x00,

I can't find anywhere in wpa_supplicant that this TLV could be
generated. And I can't find anywhere online that documents it.

My supplicant/driver, using a Wi2Wi chip, will connect to my Belkin in
WPA mode. But it will not connect to my boss's AirPort in WPA mode;
the Auth packet is simply ignored despite repeated sends. His iPad
will connect to his AirPort. The only difference between the Auth
packets is that my packet doesn't have the "Broadcom" TLV.

Can anyone tell me what this TLV is for, and how to generate it properly?


Chris Phoenix
cphoenix at gmail.com

More information about the Hostap mailing list