diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index 672c7489556..bc24addc7af 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -1555,6 +1555,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
         String vlanId = cmd.getVlan();
         Boolean forVirtualNetwork = cmd.isForVirtualNetwork();
         Long networkId = cmd.getNetworkID();
+        String networkVlanId = null;
         
         // If an account name and domain ID are specified, look up the account
         String accountName = cmd.getAccountName();
@@ -1616,6 +1617,19 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
         if (endIP == null && startIP != null) {
             endIP = startIP;
         }
+        
+        //if vlan is specified, throw an error if it's not equal to network's vlanId
+        if (network != null) {
+            URI uri = network.getBroadcastUri();
+            if (uri != null) {
+                String[] vlan = uri.toString().split("vlan:\\/\\/");
+                networkVlanId = vlan[1];
+            }
+        }
+
+        if (vlanId != null && networkVlanId != null && !networkVlanId.equalsIgnoreCase(vlanId)) {
+            throw new InvalidParameterValueException("Vlan doesn't match vlan of the network");
+        }
           
         if (forVirtualNetwork || zone.getNetworkType() == DataCenter.NetworkType.Basic || network.isSecurityGroupEnabled()) {
             if (vlanGateway == null || vlanNetmask == null || zoneId == null) {
@@ -1645,10 +1659,8 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
             zoneId = networkZoneId;
             
             //set vlanId if it's not null for the network
-            URI uri = network.getBroadcastUri();
-            if (uri != null) {
-                String[] vlan = uri.toString().split("vlan:\\/\\/");
-                vlanId = vlan[1];
+            if (networkVlanId != null) {
+                vlanId = networkVlanId;
             }
         }
         
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index cb02642df38..aeb1c81d9d4 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -713,7 +713,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                 "Direct", 
                 TrafficType.Guest, 
                 false, 
-                false, 
+                true, 
                 null, 
                 null, 
                 null, 
@@ -1519,9 +1519,25 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
                 throw new InvalidParameterValueException("Network with vlan " + vlanId + " already exists in zone " + zoneId);
             }
         }
+        
+        //Don't allow to create guest virtual network with Vlan specified
+        if (networkOffering.getGuestType() == GuestIpType.Virtual && vlanId != null) {
+            throw new InvalidParameterValueException("Can't specify vlan when create network with Guest IP Type " + GuestIpType.Virtual);
+        }
+        
+        //Regular user can create guest Virtual network only
+        if (ctxAccount.getType() == Account.ACCOUNT_TYPE_NORMAL && (networkOffering.getGuestType() != GuestIpType.Virtual || networkOffering.getTrafficType() != TrafficType.Guest)) {
+            throw new InvalidParameterValueException("Regular user can create a network only from the network offering having traffic type " + TrafficType.Guest);
+        }
+        
+        //Don't allow to specify cidr if the caller is a regular user
+        if (ctxAccount.getType() == Account.ACCOUNT_TYPE_NORMAL && (cidr != null || vlanId != null)) {
+            throw new InvalidParameterValueException("Regular user is not allowed to specify gateway/netmask/ipRange/vlanId");
+        }
+        
 
         // VlanId can be specified only when network offering supports it
-        if (ctxAccount.getType() == Account.ACCOUNT_TYPE_NORMAL && vlanId != null && !networkOffering.getSpecifyVlan()) {
+        if (vlanId != null && !networkOffering.getSpecifyVlan()) {
             throw new InvalidParameterValueException("Can't specify vlan because network offering doesn't support it");
         }
 
diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java
index f47d33be2bf..0a16f3f44ec 100644
--- a/server/src/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/com/cloud/server/ConfigurationServerImpl.java
@@ -753,7 +753,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
                 NetworkOffering.DefaultDirectNetworkOffering, 
                 "Direct", 
                 TrafficType.Guest, 
-                false, false, null, null, null, true, 
+                false, true, null, null, null, true, 
                 Availability.Required, 
                 true, true, true, //services - all true except for firewall/lb/vpn and gateway
                 false, false, false, false, GuestIpType.Direct);