What are VLANs good for?

Virtual LANs, or VLANs, allow one to treat a switch as if it were multiple independent switches, coexisting in the same box.  The switch is told to group its ports, some to one virtual switch, others to another.  The end result is to have multiple LANs (virtual LANs, or VLANs) coexisting on the same hardware.  You could get the same result by buying multiple switches, one for each independent LAN.  VLANs just let you do this with fewer switches.  That's all.  (There's some added complexity when you start talking about trunking and about layer 3 switching, but neither of these is essential to understanding what a VLAN is.)

The key to understanding how to approach this lies in understanding what a "broadcast domain" is.  A broadcast domain is the set of devices all of whom will receive a broadcast sent by any other member of that set.  Normally, every device connected to a standard LAN switch will be in the same broadcast domain; in short, switches define broadcast domains.  Every device connected to the same LAN is a member of the same broadcast domain.  A VLAN is just a virtualization of this concept.

So why would you want multiple, independent LANs, instead of one big one?  Well, there are a number of reasons.

One is to reduce the size of broadcast domains.  If you have hundreds of devices, all on one broadcast domain, you may run into performance issues due to the amount of broadcast traffic on the domain.  Splitting this up into several smaller broadcast domains (VLANs) won't reduce the total number of broadcast packets, but it will reduce the number of devices that hear (and thus have to deal with) each broadcast. 

Another reason is to isolate traffic with special characteristics.  Commonly this is used for VoIP traffic, which by its nature needs special quality of service (QoS) rules to ensure that the high-priority voice packets get through ahead of other, lower-priority traffic.  Another case would be if you want to use jumbo frames.  If any device is going to send jumbo frames then every device in that broadcast domain needs to be able to accept them, so if only some of your devices can accept jumbos then they need to be in their own VLAN.  This often means that servers (which typically support jumbos) need to be in their own network, separate from client workstations (which often don't).  I've often segregated printers into their own VLAN because certain brands of printer (HP) generate a lot of broadcast chatter; by putting the printers in their own VLAN that chatter is kept away from other devices.

The final reason is to save on cabling.  Combined with a related technology called trunking, VLANs can reduce the number of cables, and the number of interfaces, required to connect devices.  Trunking allows multiple VLANs to share the same port without interfering with one another.  One of the VLANs is the "native" VLAN on that port, and its frames are sent without a tag.  Frames belonging to other VLANs on the shared port are tagged with an indicator of which VLAN they're for; the device at the other end (often a switch, but might also be a router or other device) will note the tag and distribute the frame appropriately.  This is often used for links between switches, but can also be used to allow an appropriately-configured device to have access to more than one VLAN via a single port.  Just as VLANs allow a single switch to act like it is more than one switch, trunking allows a single cable to act as if it were more than one cable.  If you had two broadcast domains that don't actually directly interact (such as a DMZ and an internal network), you could still put them on the same set of switches, each on its own VLAN, and make the connection between the switches with only one cable for all VLANs involved instead of one per VLAN.
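To make the tag-and-distribute behaviour concrete, here is an added example (not code from the original article) that models the switch at the far end of a trunk: it reads the VLAN tag from each frame, treats an untagged frame as belonging to the native VLAN, and floods a broadcast only to the access ports in that VLAN, so each VLAN is its own broadcast domain.  It assumes the tag is an IEEE 802.1Q header (the article does not name the tagging format); the port names, VLAN numbers and sample frames are constructed for the demonstration.

```python
import struct

TPID_8021Q = 0x8100        # 802.1Q tag identifier (assumed tagging standard)
BROADCAST = b"\xff" * 6    # all-ones destination MAC = broadcast


def parse_frame(frame: bytes, native_vlan: int):
    """Split one Ethernet frame into (vlan_id, dst, src, ethertype, payload).
    A frame carrying no tag belongs to the trunk port's native VLAN."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, dst, src, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, dst, src, inner_type, frame[18:]  # VLAN ID = low 12 bits of TCI


class TrunkSwitch:
    """The switch at the far end of a trunk; each VLAN is a separate broadcast domain."""

    def __init__(self, native_vlan: int, members: dict):
        self.native_vlan = native_vlan
        self.members = members   # {vlan_id: [access ports assigned to that VLAN]}
        self.dropped = []        # VLAN IDs seen on the trunk that are not configured here

    def flood(self, frame: bytes) -> list:
        """Return the access ports a frame arriving on the trunk is delivered to."""
        vlan_id, dst, src, ethertype, payload = parse_frame(frame, self.native_vlan)
        if vlan_id not in self.members:   # unknown VLAN: nowhere to send it, record and drop
            self.dropped.append(vlan_id)
            return []
        # Only ports in the same VLAN hear the broadcast; other VLANs never see it.
        return list(self.members[vlan_id])


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes, vlan_id=None) -> bytes:
    """Constructed sample frame; vlan_id=None produces an untagged (native VLAN) frame."""
    hdr = dst + src
    if vlan_id is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)   # PCP/DEI left at zero
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    sw = TrunkSwitch(native_vlan=1, members={1: ["fa0/1"], 10: ["fa0/2", "fa0/3"], 20: ["fa0/4"]})
    src = bytes.fromhex("0200000000aa")  # constructed source MAC
    print(sw.flood(build_frame(BROADCAST, src, 0x0806, b"arp", vlan_id=10)))  # ['fa0/2', 'fa0/3']
    print(sw.flood(build_frame(BROADCAST, src, 0x0806, b"arp")))              # ['fa0/1'] (native)
```

Frames tagged for a VLAN the switch has no ports in are dropped and counted in `dropped`, which is the kind of trunk-side check worth logging when VLAN assignments and trunk configuration drift apart.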

For more information, or for specific help on how to use this information in your own environment, please contact us.  We'll be glad to help you understand how this technology can improve your environment's performance.