diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 8e6f35a5f..bf17abec3 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1781,6 +1781,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 			}
 		} else if (os_strcmp(buf, "wds_sta") == 0) {
 			bss->wds_sta = atoi(pos);
+		} else if (os_strcmp(buf, "start_disabled") == 0) {
+			bss->start_disabled = atoi(pos);
 		} else if (os_strcmp(buf, "ap_isolate") == 0) {
 			bss->isolate = atoi(pos);
 		} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 68c406946..c46dff5d7 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -389,6 +389,9 @@ wmm_ac_vo_acm=0
 # use a separate bridge.
 #wds_bridge=wds-br0
 
+# Start the AP with beaconing disabled by default.
+#start_disabled=0
+
 # Client isolation can be used to prevent low-level bridging of frames between
 # associated stations in the BSS. By default, this bridging is allowed.
 #ap_isolate=1
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index a744ba627..c9b25992c 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -243,6 +243,7 @@ struct hostapd_bss_config {
 	int num_deny_mac;
 	int wds_sta;
 	int isolate;
+	int start_disabled;
 
 	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
 			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index 780b2e2ef..ac6700155 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -806,7 +806,8 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
 		return -1;
 	}
 
-	ieee802_11_set_beacon(hapd);
+	if (!hapd->conf->start_disabled)
+		ieee802_11_set_beacon(hapd);
 
 	if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0)
 		return -1;