diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index caf51a94a..be4039855 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -3238,7 +3238,7 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 	fclose(f);
 
 	for (i = 0; i < conf->num_bss; i++)
-		hostapd_set_security_params(conf->bss[i]);
+		hostapd_set_security_params(conf->bss[i], 1);
 
 	if (hostapd_config_check(conf, 1))
 		errors++;
@@ -3270,7 +3270,7 @@ int hostapd_set_iface(struct hostapd_config *conf,
 	}
 
 	for (i = 0; i < conf->num_bss; i++)
-		hostapd_set_security_params(conf->bss[i]);
+		hostapd_set_security_params(conf->bss[i], 0);
 
 	if (hostapd_config_check(conf, 0)) {
 		wpa_printf(MSG_ERROR, "Configuration check failed");
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 9680817b5..7535b1b75 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -859,7 +859,8 @@ int hostapd_config_check(struct hostapd_config *conf, int full_config)
 }
 
 
-void hostapd_set_security_params(struct hostapd_bss_config *bss)
+void hostapd_set_security_params(struct hostapd_bss_config *bss,
+				 int full_config)
 {
 	if (bss->individual_wep_key_len == 0) {
 		/* individual keys are not use; can use key idx0 for
@@ -872,8 +873,10 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss)
 	bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
 						    bss->rsn_pairwise);
 
-	bss->radius->auth_server = bss->radius->auth_servers;
-	bss->radius->acct_server = bss->radius->acct_servers;
+	if (full_config) {
+		bss->radius->auth_server = bss->radius->auth_servers;
+		bss->radius->acct_server = bss->radius->acct_servers;
+	}
 
 	if (bss->wpa && bss->ieee802_1x) {
 		bss->ssid.security_policy = SECURITY_WPA;
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index dfbe62602..905aec32c 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -621,6 +621,7 @@ const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
 struct hostapd_radius_attr *
 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
 int hostapd_config_check(struct hostapd_config *conf, int full_config);
-void hostapd_set_security_params(struct hostapd_bss_config *bss);
+void hostapd_set_security_params(struct hostapd_bss_config *bss,
+				 int full_config);
 
 #endif /* HOSTAPD_CONFIG_H */
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index b7e118c06..243f4117a 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1630,6 +1630,8 @@ static void hostapd_deinit_driver(const struct wpa_driver_ops *driver,
 
 int hostapd_enable_iface(struct hostapd_iface *hapd_iface)
 {
+	size_t j;
+
 	if (hapd_iface->bss[0]->drv_priv != NULL) {
 		wpa_printf(MSG_ERROR, "Interface %s already enabled",
 			   hapd_iface->conf->bss[0]->iface);
@@ -1639,6 +1641,8 @@ int hostapd_enable_iface(struct hostapd_iface *hapd_iface)
 	wpa_printf(MSG_DEBUG, "Enable interface %s",
 		   hapd_iface->conf->bss[0]->iface);
 
+	for (j = 0; j < hapd_iface->num_bss; j++)
+		hostapd_set_security_params(hapd_iface->conf->bss[j], 1);
 	if (hostapd_config_check(hapd_iface->conf, 1) < 0) {
 		wpa_printf(MSG_INFO, "Invalid configuration - cannot enable");
 		return -1;
@@ -1667,7 +1671,7 @@ int hostapd_reload_iface(struct hostapd_iface *hapd_iface)
 	wpa_printf(MSG_DEBUG, "Reload interface %s",
 		   hapd_iface->conf->bss[0]->iface);
 	for (j = 0; j < hapd_iface->num_bss; j++)
-		hostapd_set_security_params(hapd_iface->conf->bss[j]);
+		hostapd_set_security_params(hapd_iface->conf->bss[j], 1);
 	if (hostapd_config_check(hapd_iface->conf, 1) < 0) {
 		wpa_printf(MSG_ERROR, "Updated configuration is invalid");
 		return -1;