VLANs are virtual LANs, and when you configure them it is as if the switch is divided into a number of individual switches, one for each VLAN that you configure.
In this case each VLAN works like an individual switch.
A VLAN is a group of end stations with a common set of requirements, independent of physical location. VLANs have the same attributes as a physical LAN but allow you to group end stations even if they are not located physically on the same LAN segment.
VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. LAN port VLAN membership is assigned manually on a port-by-port basis.
For more information please check the following link,
VLANs (Virtual Local Area Networks) are created to separate layer 2 traffic. General types of traffic include:
1. Multicast (Video streaming)
2. Network Management Traffic (SNMP messages, CDP messages, BPDUs etc.)
3. VoIP (Voice Traffic)
4. User traffic
So let us assume there are no VLANs. What happens here is: since the basic functionality of a switch is to flood if the destination MAC address is not present in its CAM table (and also if its CAM table is full), we will see a lot of broadcast messages for all of the above-mentioned uses.
Let us also take the example of VoIP: since there are no VLANs, the switch is experiencing a lot of broadcast messages and the users are using VoIP, obviously some of the packets will drop because of the broadcast storm that the switch is experiencing. So there will be a lot of disturbance in that call. The same thing applies to all the above types of traffic.
So in order to overcome the above issues we need to separate the traffic types, which means the broadcast domains, by creating virtual LANs. In this way VLANs separate layer 2 traffic to enhance stability and security.
Again, how security is achieved: simple. In order to communicate between two VLANs you need a layer 3 device (a router), where we can assign ACLs, such as which VLAN's traffic to pass or bypass.
Also, VLANs are location independent, which means a VLAN can span multiple switches. As long as the user belongs to the same VLAN, he can communicate with the members of the same VLAN without using a layer 3 device.
And also excellent info is available at:
VLANs (Virtual LANs) are a logical grouping of devices in the same broadcast domain. VLANs are usually configured on switches (you will also find them on some routers, firewalls, etc.) by placing some interfaces into one broadcast domain and some interfaces into another. VLANs can be spread across multiple switches, with each VLAN being treated as its own subnet or broadcast domain. This means that frames broadcast onto the network will be switched only between the ports within the same VLAN.
A VLAN acts like a physical LAN, but it allows hosts to be grouped together in the same broadcast domain even if they are not connected to the same switch. Here are the main reasons why you should use VLANs in your network:
In simple words: A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).
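
The flooding and inter-VLAN behaviour described in the replies above, as an added example that is not part of the original thread: a toy model of a switch that learns MAC addresses and floods per VLAN, plus a first-match ACL on the layer 3 device. The port numbers, MAC addresses, VLAN IDs and the ACL policy are all constructed for illustration.

```python
# Added example: toy VLAN-aware switch (all names and values are constructed).
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # access port -> VLAN ID
        self.cam = defaultdict(dict)       # VLAN ID -> {MAC: port}

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.cam[vlan][src_mac] = in_port  # learn the source MAC per VLAN
        out = self.cam[vlan].get(dst_mac)
        if dst_mac != BROADCAST and out is not None:
            return [] if out == in_port else [out]  # known unicast
        # Broadcast or unknown unicast: flood, but only inside the VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

def acl_permits(acl, src_vlan, dst_vlan):
    """First-match ACL on the layer 3 device; implicit deny at the end."""
    for action, s, d in acl:
        if s in (src_vlan, "any") and d in (dst_vlan, "any"):
            return action == "permit"
    return False

# Constructed topology: ports 1-3 are user ports, ports 4-6 are voice ports.
FLAT = {p: 1 for p in range(1, 7)}     # no VLANs: one broadcast domain
SEGMENTED = {1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20}
# Constructed policy: users (10) may not reach voice (20); voice may reach users.
ACL = [("deny", 10, 20), ("permit", 20, 10)]

def demo():
    flat, seg = VlanSwitch(FLAT), VlanSwitch(SEGMENTED)
    return {
        "flat_broadcast": flat.receive(1, "aa:aa:aa:00:00:01", BROADCAST),
        "vlan_broadcast": seg.receive(1, "aa:aa:aa:00:00:01", BROADCAST),
        "vlan_unknown_unicast": seg.receive(4, "aa:aa:aa:00:00:04", "aa:aa:aa:00:00:05"),
        "vlan_known_unicast": seg.receive(2, "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:01"),
        "user_to_voice": acl_permits(ACL, 10, 20),
        "voice_to_user": acl_permits(ACL, 20, 10),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With one flat broadcast domain the user broadcast reaches the voice ports as well; with VLANs 10 and 20 it stays on the user ports, and traffic between the two VLANs passes only where the ACL permits it.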