A virtual local area network (VLAN) is defined by a distinctive VLAN ID number included in an extended Ethernet frame header. The VLAN ID is a 12-bit field, so possible VLAN IDs range from 0 to 4095. (In practice, there are usually some limitations and excluded ID numbers.) The primary standard defining VLAN support is IEEE 802.1q. An earlier Cisco technology that supported VLAN definition in a different way was Inter Switch Link (ISL).
VLANs segment an Ethernet network at layer two. In doing so, each VLAN creates its own broadcast domain. This can have a positive impact both on performance and on network security. When VLANs are configured on layer two switches, each switch port can either be in access mode or in trunk mode. In access mode (suitable for connection to a PC host), all traffic must be limited to a single VLAN. In trunk mode (suitable for switch-to-switch links), traffic from multiple VLANs is supported. Although VLANs segment networks at layer two, and subnets segment networks at layer three, as a practical matter, all hosts in a VLAN need to participate in a single subnet.
References:
http://bradhedlund.com/2007/11/27/vlan-trunking-using-ieee-8021q/
http://www.ieee802.org/1/pages/802.1Q.html
http://www.thebryantadvantage.com/CCNACertificationExamWhySwitchesTrunkAndHow.htm