protected port

You could simply use the “protected port” feature.

Devices connected to a protected port are not able to talk to each other, even if they are within the same VLAN.

 

conf t
int gi 0/1
 switchport mode access
 switchport access vlan x
 switchport protected
 spanning-tree portfast

 

The protected port feature only works locally on a switch, while private VLANs could span multiple switches. It is much easier than configuring private VLANs and should work for your use case just fine.
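
A protected port is only blocked from other protected ports on the same switch; it still exchanges traffic with any non-protected port in the same VLAN. The following is an added example, not part of the original post: a small audit that lists access ports left without "switchport protected" in VLANs where other ports have it. The sample configuration and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of "show running-config" output (not from the post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport protected
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
 switchport protected
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/24
 switchport mode trunk
!
"""

def parse_access_ports(config):
    """Return {interface: {"vlan": int, "protected": bool}} for access ports."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = stanzas.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())  # indented line belongs to the open stanza
        else:
            current = None               # "!" or a global command ends the stanza
    ports = {}
    for name, lines in stanzas.items():
        if "switchport mode access" not in lines:
            continue                     # trunks and routed ports are out of scope
        vlan = 1                         # access VLAN defaults to 1 when not configured
        for line in lines:
            m = re.fullmatch(r"switchport access vlan (\d+)", line)
            if m:
                vlan = int(m.group(1))
        ports[name] = {"vlan": vlan, "protected": "switchport protected" in lines}
    return ports

def unprotected_peers(ports):
    """Map VLAN -> access ports lacking 'switchport protected' in VLANs that use it."""
    groups = defaultdict(lambda: {True: [], False: []})
    for name, port in ports.items():
        groups[port["vlan"]][port["protected"]].append(name)
    return {v: sorted(g[False]) for v, g in groups.items() if g[True] and g[False]}
```

Ports it reports are a review list, not automatically a fault: a gateway or server port is normally left unprotected on purpose so the isolated hosts can reach it.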