Separating systems that have sensitive data from the rest of the network decreases the chances that people will gain access to information they are not authorized to see.
A VLAN (Virtual Local Area Network) is a logical collection of devices that are grouped together to control broadcast, unicast and multicast traffic in layer 2 devices, such as an ethernet switch. VLANs can be locally significant or be trunked over multiple layer 2 devices.
VLANs provide the following benefits
Security
Performance/Bandwidth
Careful monitoring of network use allows the network administrator to create VLANs that reduce the number of router hops and increase the apparent bandwidth for network users.
Broadcasts/Traffic flow
Since a principle element of a VLAN is the fact that it does not pass broadcast traffic to nodes that are not part of the VLAN, it automatically reduces broadcasts. Access lists provide the network administrator with a way to control who sees what network traffic. An access list is a table the network administrator creates that lists which addresses have access to that network.
Departments/Specific job types
Companies may want VLANs set up for departments that are heavy network users (such as multimedia or engineering), or a VLAN across departments that is dedicated to specific types of employees (such as managers or sales people).