LastPass breach and implications for Bitwarden

It allows any value in the range 5,000-2,000,000. It has been argued that these limits are too low.

The 100,000 client-side iterations are to calculate the Master Key. Then there is one more client-side round of PBKDF2-SHA256 to hash the Master Key, which generates the Master Password Hash that is transmitted to the servers. This is explained in the security white paper, which you’ll enjoy reading.

As I’ve pointed out elsewhere, only the initial (100,000) iterations for computing the Master Key must be performed by someone attempting to crack your master password, so the extra 100,001 iterations are not so relevant for vault security (they serve other purposes).
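The two client-side derivations described in the post above, as an added Python example (not part of the original post and not Bitwarden's own code). Salting the Master Key with the normalized email and the final round with the master password follows the white paper as understood here and is an assumption; the password and address are constructed sample values.

```python
import hashlib
import hmac
import time

KDF_MIN, KDF_MAX = 5_000, 2_000_000   # allowed range quoted in the post
EXTRA_ITERATIONS = 100_001            # the post's figure for work beyond the Master Key

def derive_master_key(password: str, email: str, iterations: int = 100_000) -> bytes:
    """Client-side PBKDF2-SHA256 stretch; the email salt is an assumption."""
    if not KDF_MIN <= iterations <= KDF_MAX:
        raise ValueError(f"iterations must be within {KDF_MIN}-{KDF_MAX}")
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def master_password_hash(master_key: bytes, password: str) -> bytes:
    """The one further client-side round; this value is what gets transmitted."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1, dklen=32)

def single_round_as_hmac(master_key: bytes, password: str) -> bytes:
    """One PBKDF2 round with a 32-byte output is exactly one HMAC-SHA256 call."""
    msg = password.encode() + b"\x00\x00\x00\x01"   # salt || block index 1
    return hmac.new(master_key, msg, hashlib.sha256).digest()

def work_per_guess(iterations: int) -> dict:
    """PBKDF2 rounds one password guess costs, by what the guess is checked against."""
    return {"vault_data": iterations, "stored_hash": iterations + EXTRA_ITERATIONS}

def seconds_per_guess(iterations: int) -> float:
    """Time one Master Key derivation on this machine (constructed inputs)."""
    start = time.perf_counter()
    derive_master_key("constructed-passphrase", "user@example.test", iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    key = derive_master_key("constructed-passphrase", "User@Example.test")
    print("master password hash:", master_password_hash(key, "constructed-passphrase").hex())
    for n in (KDF_MIN, 100_000, KDF_MAX):
        print(n, work_per_guess(n), f"{seconds_per_guess(n):.3f}s per derivation")
```

Running it prints the measured derivation time at the lowest, default and highest settings, which is the per-guess cost that the iteration count actually controls for vault data.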