Vlan – Prevent network auto-discovery between members of VLAN

At our ISP's we use Huawei s5300 switches, and we want to upgrade our setup to accomplish the following:

1. Place a number of different customers/users under same VLAN.
2. Assign one static-public IP address per client/customer and prevent them
   use another IP address from the same subnet.
3. Isolate each client/interface in the same VLAN, effectively having them as if
   they are part of different VLAN. The goal is to prevent
   broadcast-based network auto-discovery protocols that can locate all
   hosts under the same broadcast domain.

The idea is to: a) save on IP addresses since if we put each client in a separate VLAN we "lose" at least 3 IPs, and b) avoid using MUX VLAN (Private VLAN in Cisco terms) due to configuration complexity.

We are stuck at point 3. If customers terminate the public IP on a server, then for instance Customer A can see the server of Customer B,C,D in Windows network folder. Here is a sample configuration for clients connected to interface 0/0/3 and 0/0/4. As we learned from the net the command "port-isolate enable group 1" may do the trick but for us it had no effect – we need isolation to work across multiple switches.

[Huawei Router]
interface Vlanif2 (The subnet is based on public IP addresses)
ip address X.X.X.X 255.255.255.0
........
[Huawei Switch 1]
user-bind static ip-address X.X.X.19 interface GigabitEthernet0/0/3
interface GigabitEthernet0/0/3
  port link-type access
  port default vlan 2
  port-isolate enable group 1
  arp anti-attack check user-  bind enable
[Huawei Switch 2]
user-bind static ip-address X.X.X.20 interface GigabitEthernet0/0/4
interface GigabitEthernet0/0/4
  port link-type access
  port default vlan 2
  port-isolate enable group 1
  arp anti-attack check user-bind enable
</code>

Thanks in advance.

[EDIT] 1. Code snippet changed – commands segmented into more devices. 2. Added information that port isolation should work across multiple switches.