First switch:

create vlan 10 tag 10
create vlan 20 tag 20
!ввод 10 влана:
config vlan 10 add untagged 1:1
!ввод 20 влана:
config vlan 20 add untagged 1:2
!транк до другого коммутатора
config vlan 10 add tagged 1:48
config vlan 20 add tagged 1:48

Second switch (same):

create vlan 10 tag 10
create vlan 20 tag 20
!ввод 10 влана:
config vlan 10 add untagged 1:1
!ввод 20 влана:
config vlan 20 add untagged 1:2
!транк до другого коммутатора
config vlan 10 add tagged 1:48
config vlan 20 add tagged 1:48

Switches connect 48 ports. Ports 1 - input and output of vlan 10, ports 2 - vlan 20.
You say that in theory everything is clear to you, I do not believe you. Learn when and how a frame is tagged or un-tagged, a lot will become clear to you.
In this case, traffic enters through the access port (untagged in the d-link world), in case of forwarding through the trunk (tagged), a tag is added to it. On the second switch, a tagged frame arrives and is redirected to the port corresponding to the vlan. Since this vlan is not tagged in this port, the tag is removed.

Everything is correctly described, I do not understand why the first post is not marked as a solution to the issue. But just in case, I'll explain in simple terms.
In vlan networks, the main concepts are trunk and access. access - traffic transmission of only one vlan. trunk - traffic transmission of multiple vlan networks. In trunk mode, subnets can be tagged and untagged. A vlan is assigned to each port as the main one, the traffic of such a network is untagged - it is transmitted as is. In access, this is the only traffic transmitted, but for the trunk port, it is the carrier. In the trunk, the remaining networks are marked as tagged, they are packed in a special wrapper that can be opened at the other end.
And therefore, we create the required number of vlans on one side, mark all local ports of the switch in access, depending on the network that needs to be transferred to the device. We mark the port for transmission to another switch as a trunk, issue an untagged carrier, and enter the rest of the vlan as tagged. On the other end, we do everything in the same way. We mark all ports to devices as access, indicating the specific vlan required. We enter the transmission port on the first switch into trunk mode indicating a similar carrier vlan, and add the rest of the vlans as tagged.
Total business. If you connect to the transmitting port, then without the trunk mode of operation, the device will see only the carrier traffic, the rest will not be visible, as it is packed. Everything is approximate, but the main gist is this. Of course, there are still different modes, cisco general, each manufacturer can name everything differently, but the basis is as follows.

Users? What kind of users?
In general, the meaning of VLAN'a is that on both sides of the cable (and devices can be, in principle, any, if they could) put the same labels. The setting depends on the equipment, read the mana.

xgu.ru/wiki/VLAN_%D0%B2_Cisco

trunk if cisco. tagget if d-link.

In general, if you have 2 L3 subnets, then you can freely drive them over one cable. Of course, then both of these subnets, without using vlans for each network, will be in the same broadcast domain, but if this is not critical, then there will be a very simple and working option.