This is kind of tough to answer without knowing more about your infrastructure but I will try to give you a basic outline.
I highly recommend you spend some serious time researching/reading about VLANs.
One of the most important features of VLANs is the ability to have a WAN and have subnets that span your WAN, but appear (act) like they're all a local subnet even when crossing remote boundaries. Depending on your infrastructure, you might find it necessary (or beneficial) to have a subnet (or subnets) that span all 3 locations. Say for example, you have programmers in all 3 locations. Say they work on projects together. If you created a VLAN and all of them were on it, it would span all 3 sites yet behave as if they were all sitting physically in the same room connected to the same switch.
I bring this up because your idea of having each site as its own VLAN (subnet) may not be the best way to do it and VLAN tagging will allow you a lot of flexibility in the long (and short) run.
Having said all that and assuming you're going to go ahead with the "3 site - 3 subnets" idea, here's how I would start my design.
VLAN1 = management VLAN
VLAN2 = server VLAN
VLAN3 = site 1 VLAN
VLAN4 = site 2 VLAN
VLAN5 = site 3 VLAN
VLAN6 = printer VLAN
You would probably want a router that is VLAN capable to route traffic between VLANs and ensure communication between them. This may not be necessary though depending on what type of switches you have.
Where I'm working, we're using teamed servers running UNIX that do all routing and firewalling. We use extensive firewall filtering to control access. Certain VLANs are inaccessible to others and external (DMZ) VLANs strictly prohibit internal access, etc.
We also have dual core switches that act as our gateways for each VLAN and do a lot of the forwarding. The gateway addresses for all VLANs are configured on the core switches (i.e. xxx.xxx.xx.250) and all switches are connected to the core via a fibre backbone. Effectively, incoming traffic hits the core switches and since they're capable, they'll forward tagged traffic appropriately. With our present layered firewall/router design, no matter what, traffic ends up passing through a router/firewall before hitting the core switches and is filtered, forwarded (or dropped) again from there to its destination. In almost all cases, the traffic passes through at least one more firewall after leaving the core switch. Sometimes several before it finally hits its final destination. Each of our remote sites has its own firewall/router setup to handle traffic coming from and going to that location.
Depending on the size of your company, number of remote locations and number of devices communicating on the network it can easily become very complex. This is why I highly recommend you understand VLANs before you begin. If possible, a one or two day training course on them would prove very beneficial. Especially if you can find a "hands on" course where you actually get to design, set up and deploy multiple VLANs. The most important thing in any case is to have a well thought out plan before you begin and to really understand what you're working with, what you're doing, where you want to end up when you're done, and also, to allow for future growth and/or changes.
I hope this helps give you an idea what you're dealing with. Again, I can't stress enough the need to know as much as possible about VLAN'ing before you begin. It will save you a lot of grief later on in time.
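
An added example, not part of the original post: one way the six-VLAN plan above could be filtered on the device that routes between VLANs, written as an nftables ruleset with a default-deny forward policy. It assumes a Linux router with 802.1Q sub-interfaces on a trunk port named `eth0` (so `eth0.3` carries VLAN 3); the interface names and the choice of which VLANs may reach which are assumptions for illustration, not the poster's configuration.

```nft
#!/usr/sbin/nft -f
# Inter-VLAN filtering for the plan in the post (VLAN 1-6).
# Assumed: trunk port eth0 with one 802.1Q sub-interface per VLAN.
flush ruleset

define mgmt     = "eth0.1"                          # VLAN1 management
define servers  = "eth0.2"                          # VLAN2 servers
define sites    = { "eth0.3", "eth0.4", "eth0.5" }  # VLAN3-5 sites 1-3
define printers = "eth0.6"                          # VLAN6 printers

table inet intervlan {
    chain forward {
        # Anything not explicitly allowed between VLANs is dropped.
        type filter hook forward priority 0; policy drop;

        # Let replies to already-permitted connections back through.
        ct state established,related accept
        ct state invalid drop

        # Assumed policy: management may initiate to every VLAN,
        # but no rule below lets any other VLAN initiate to it.
        iifname $mgmt accept

        # Assumed policy: each site reaches servers and printers.
        iifname $sites oifname $servers accept
        iifname $sites oifname $printers accept

        # Assumed policy: servers may submit print jobs.
        iifname $servers oifname $printers accept

        # Site-to-site and printer-initiated traffic falls through
        # to the drop policy; count and log it for review.
        log prefix "intervlan-drop: " counter
    }

    chain input {
        # Only the management VLAN may talk to the router itself.
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        iifname $mgmt accept
    }
}
```

If the sites should reach each other, as in the programmers example in the post, that needs an explicit `iifname $sites oifname $sites accept` rule; with the ruleset as written such traffic is dropped and logged.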