We currently have 40 employees on one network. We have purchased layer 3 and layer 2 switches. Is it best to break up the network into subnets based on the department that they work in, or the applications/software that they access through the servers? I.e., if an executive uses accounting software installed on a server, is he placed in the Executive VLAN or the Accounting VLAN? The executive staff will be placed in the same location. Department employees will be placed together.
You must pretty much segregate based on the traffic pattern (application specific) that the users have rather than which department they work in.
2 people in the same department but in different VLANs can always share stuff on the network, as you have a layer 3 switch for inter-VLAN comm.
Do not consider VLANs as a method to stop communication between 2 groups (unless you use VACLs). It's just there to control broadcasts and make troubleshooting easier.
Focus on traffic requirements rather than departments.
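
What the VACL caveat in the answer above looks like in configuration, as an added example that is not part of the original thread. It assumes a Cisco Catalyst IOS layer 3 switch; the VLAN numbers, subnets, server address, port and ACL/map names are all constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 10 Executive  10.0.10.0/24
!   VLAN 20 Accounting 10.0.20.0/24
!   VLAN 50 Servers    10.0.50.0/24, accounting server 10.0.50.10, app on tcp/443
ip routing
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
interface Vlan50
 ip address 10.0.50.1 255.255.255.0
! With only the lines above, the switch routes freely between all three
! VLANs: the VLANs bound broadcast domains but restrict nothing.
!
! Traffic the accounting application needs, in both directions
! (VACLs are stateless, so replies must be matched explicitly).
ip access-list extended ACCT-APP-ALLOWED
 permit tcp 10.0.10.0 0.0.0.255 host 10.0.50.10 eq 443
 permit tcp 10.0.20.0 0.0.0.255 host 10.0.50.10 eq 443
 permit tcp host 10.0.50.10 eq 443 10.0.10.0 0.0.0.255
 permit tcp host 10.0.50.10 eq 443 10.0.20.0 0.0.0.255
!
! Everything else to or from the accounting server.
ip access-list extended ACCT-SERVER-ANY
 permit ip any host 10.0.50.10
 permit ip host 10.0.50.10 any
!
vlan access-map SERVERS-VACL 10
 match ip address ACCT-APP-ALLOWED
 action forward
vlan access-map SERVERS-VACL 20
 match ip address ACCT-SERVER-ANY
 action drop
! No match clause: forward all remaining traffic in the server VLAN.
vlan access-map SERVERS-VACL 30
 action forward
!
vlan filter SERVERS-VACL vlan-list 50
```

Sequence 20 also drops the server's own DNS, time and patching traffic, so a real deployment would add those flows to the allowed list before applying the filter.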