protected port

You could simply use the “protected port” feature.

Devices connected to protected ports are not able to talk to each other, even if they are within the same VLAN.


conf t

int gi 0/1

switchport mode access

switchport access vlan x

switchport protected

spanning-tree portfast


The protected port feature only works locally on a switch, while private VLANs can span multiple switches. It is much easier than configuring private VLANs and should work for your use case just fine.
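An added example, not part of the original post: a small audit that reads IOS-style interface stanzas and lists, per VLAN, which access ports carry `switchport protected` and which do not. The sample config, the interface names and the function names `parse_interfaces` and `audit_protected` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
 switchport protected
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/24
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any top-level line closes the stanza
    return stanzas

def audit_protected(config):
    """Per VLAN, split access ports into protected and unprotected lists."""
    report = defaultdict(lambda: {"protected": [], "unprotected": []})
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks/uplinks are not host ports; skip them
        vlan = 1  # an access port with no explicit VLAN sits in VLAN 1
        for c in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", c)
            if m:
                vlan = int(m.group(1))
        key = "protected" if "switchport protected" in cmds else "unprotected"
        report[vlan][key].append(name)
    return dict(report)
```

Any port listed under `unprotected` can still exchange layer 2 traffic with every other port in that VLAN, since the feature only blocks traffic between two protected ports on the same switch.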