diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index b684e01ea0d..131d34054e3 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -4162,8 +4162,11 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
             sc.addAnd("isDefault", SearchCriteria.Op.EQ, isDefault);
         }
 
-        if (specifyVlan != null) {
+        // only root admin can list network offering with specifyVlan = true
+        if (specifyVlan != null && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
             sc.addAnd("specifyVlan", SearchCriteria.Op.EQ, specifyVlan);
+        }else{
+            specifyVlan = false;
         }
 
         if (availability != null) {
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index 024c969a043..f026dbc2a32 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1202,9 +1202,9 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
                     + Network.GuestType.Isolated + " with a service " + Service.SourceNat.getName() + " enabled");
         }
 
-        // Don't allow to specify vlan if the caller is a regular user
-        if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
-            throw new InvalidParameterValueException("Regular user is not allowed to specify vlanId");
+        // Don't allow to specify vlan if the caller is not ROOT admin
+        if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
+            throw new InvalidParameterValueException("Only ROOT admin is allowed to specify vlanId");
         }
 
         if (ipv4) {