As a promising solution for next-generation broadband access networks, EPON could provide full-service access such as voice, video and data applications. However, EPON’s standard IEEE 802.3ah does not specify a particular supporting mechanism to guarantee QoS and priority requirements of various services, allowing it to be vendor specific. Meanwhile, how to segregate user traffic to guarantee security, remains unsolved. This paper creatively introduced the 802.1Q VLAN (Virtual Local Area Network) technique into the EPON system to solve these problems. Firstly, a brief introduction of EPON system is given. Secondly, the VLAN solution is presented in detail. Unlike VLAN mapping according to port or MAC in Gigabit Ethernet, EPON’s VLAN mapping is based on LLID tag. At last, OLT MAC layer design is given and FPGA implementation is described in detail. Detailed simulation experiments have been conducted to study the performance and validate the effectiveness of the proposed mechanism.