diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -2596,6 +2596,18 @@
return EINVAL;
/* cleanse flags just in case, could reject if invalid flags */
sr->sr_flags &= IEEE80211_IOC_SCAN_FLAGS;
+
+ /*
+ * If the driver does not support BGSCAN, or BGSCAN is disabled
+ * do not allow the IEEE80211_SCAN_BGSCAN flag to go through
+ * to avoid accidentally enabling BGSCANs.
+ * Also if not STA mode [see ieee80211_vap_setup()].
+ */
+ if ((vap->iv_caps & IEEE80211_C_BGSCAN) == 0 ||
+ (vap->iv_flags & IEEE80211_F_BGSCAN) == 0 ||
+ vap->iv_opmode != IEEE80211_M_STA)
+ sr->sr_flags &= ~IEEE80211_IOC_SCAN_BGSCAN;
+
/*
* Add an implicit NOPICK if the vap is not marked UP. This
* allows applications to scan without joining a bss (or picking
diff --git a/sys/net80211/ieee80211_scan.c b/sys/net80211/ieee80211_scan.c
--- a/sys/net80211/ieee80211_scan.c
+++ b/sys/net80211/ieee80211_scan.c
@@ -428,6 +428,19 @@
// IEEE80211_UNLOCK_ASSERT(sc);
+ /*
+ * If the driver has not announced BGSCAN capabilities
+ * or BGSCAN is disabled do not attempt to start a bg_scan.
+ * IEEE80211_F_BGSCAN only gets set if IEEE80211_C_BGSCAN
+ * was set by the driver, so no need to check for both here.
+ */
+ if ((vap->iv_flags & IEEE80211_F_BGSCAN) == 0) {
+ IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
+ "%s: BGSCAN not enabled; not starting bg_scan\n",
+ __func__);
+ return (0);
+ }
+
scan = ieee80211_scanner_get(vap->iv_opmode);
if (scan == NULL) {
IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
diff --git a/sys/net80211/ieee80211_scan_sw.c b/sys/net80211/ieee80211_scan_sw.c
--- a/sys/net80211/ieee80211_scan_sw.c
+++ b/sys/net80211/ieee80211_scan_sw.c
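Review bot: Clearing IEEE80211_IOC_SCAN_BGSCAN in the new `if` silently downgrades the request to a normal scan, so a caller that asked for the non-disruptive background variant on an associated STA gets a foreground scan (which presumably takes the interface off-channel) with no error returned — the pre-existing comment two lines up already hints the request "could reject" instead. If the downgrade is the intended policy, state it in the new comment, e.g. `* The request then proceeds as an ordinary (foreground) scan.`; otherwise return `EOPNOTSUPP` when the flag is present but the vap cannot honour it. The enclosing function starts outside the hunk.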
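Review bot: The new comment in ieee80211_bg_scan() relies on the invariant that IEEE80211_F_BGSCAN implies IEEE80211_C_BGSCAN, yet the ieee80211_ioctl.c hunk of this same commit tests both bits, so the two sites disagree on whether that invariant may be trusted; pick one convention, either dropping the redundant `iv_caps` test in the ioctl hunk or testing both here as well. Note also that this check runs outside the com lock (the commented-out `IEEE80211_UNLOCK_ASSERT(sc)` above suggests the function is unlocked), so it is only advisory and a concurrent ioctl can still clear the flag after it passes; the comment should say the check is best-effort, e.g. `* Checked unlocked; a racing ioctl may still clear the flag.` The enclosing function starts outside the hunk.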
@@ -201,7 +201,9 @@
vap->iv_stats.is_scan_passive++;
if (flags & IEEE80211_SCAN_FLUSH)
ss->ss_ops->scan_flush(ss);
- if (flags & IEEE80211_SCAN_BGSCAN)
+ /* Only BGSCAN if enabled and requested. */
+ if ((vap->iv_flags & IEEE80211_F_BGSCAN) != 0 &&
+ (flags & IEEE80211_SCAN_BGSCAN) != 0)
ic->ic_flags_ext |= IEEE80211_FEXT_BGSCAN;
/* Set duration for this particular scan */
@@ -339,6 +341,10 @@
// IEEE80211_UNLOCK_ASSERT(ic);
IEEE80211_LOCK(ic);
+ KASSERT((vap->iv_flags & IEEE80211_F_BGSCAN) != 0,
+ ("%s: vap %p iv_flags %#010x no IEEE80211_F_BGSCAN set",
+ __func__, vap, vap->iv_flags));
+
scanning = ic->ic_flags & IEEE80211_F_SCAN;
if (!scanning) {
u_int duration;
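Review bot: When `flags` carries IEEE80211_SCAN_BGSCAN but IEEE80211_F_BGSCAN is clear, the new condition quietly drops to a foreground scan with nothing logged, which will be hard to diagnose for an internal caller that expected a background scan. An `IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, ...)` for the mismatch case, like the one this commit adds in ieee80211_bg_scan(), would make the downgrade visible; alternatively extend the one-line comment to `/* Only BGSCAN if enabled and requested; otherwise fall back to a foreground scan. */`. The enclosing function starts and ends outside the hunk.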
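Review bot: The new KASSERT after `IEEE80211_LOCK(ic);` promotes a flag userland can toggle at any time into a panic on INVARIANTS kernels: the only guard upstream of it, the IEEE80211_F_BGSCAN check this commit adds to ieee80211_bg_scan(), runs unlocked, so an `ifconfig -bgscan` landing between that check and this one would trip the assertion instead of merely skipping the scan — assuming the ioctl path updates iv_flags without the com lock, which is not visible here. A soft check is the safer shape, placed before `IEEE80211_LOCK(ic);` so no unlock is needed: `if ((vap->iv_flags & IEEE80211_F_BGSCAN) == 0) return (0);` (matching the 0 that ieee80211_bg_scan()'s own no-scanner path returns, if this function follows the same not-started convention). The enclosing function starts and ends outside the hunk.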