Port Isolation vs Traditional VLANs – Layer 2 Security Comparison

Tags: layer2, port-security, private-vlan, switching, vlan

I've seen several switch products advertising a port isolation feature as a "way to limit port communication without configuring VLANs", and it sounds quite… sketchy? If I understand it correctly, port isolation lets you literally specify which ports each port can talk to. And it sounds like a really, really error-prone example of a clumsy VLAN/ACL combo implementation.

So what are the actual correct use cases (not ones coming from laziness and misunderstanding) where this feature is necessary? Can we look at port isolation as a kind of simplified ACL? I don't quite see any real value coming from such a feature if we have a switch with ACL support and VLAN support. It sounds to me like incorrect network/security design.

Best Answer

Port isolation (also called private VLAN; thanks @Stuggi) is a very useful feature for switches that connect end users.

In a typical network you will have many end users' computers grouped together in a VLAN that communicates with some servers in other networks.

Those computers have no need to communicate with each other, so it's best to block that unwanted communication.

For example, if a user is infected by a virus (received either by email or by browsing a website) which spreads itself to all accessible computers in the LAN, it will infect all machines. Port isolation will prevent this.

ACLs are more intended to filter what passes from one network/VLAN to another, not inside a single network/VLAN.
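What the answer describes, written out as switch configuration. This is an added example, not part of the original answer: Cisco IOS syntax is assumed, and the VLAN numbers, interface names and the `vtp mode transparent` requirement (needed on many IOS platforms before private VLANs can be defined) are assumptions about a specific platform. The first form is the lightweight "protected port" variant; the second is a full private VLAN with an isolated secondary VLAN, which is what most vendors mean by port isolation that survives a trunk.

```text
! --- Form 1: protected ports (switch-local port isolation) ---
! Protected ports never forward unicast, multicast or broadcast frames
! to each other; they still talk to any non-protected port (the uplink).
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 switchport protected
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
 description uplink to router / servers (NOT protected on purpose)
 switchport mode access
 switchport access vlan 10
!
! --- Form 2: private VLAN (isolation carried across trunks) ---
vtp mode transparent
!
vlan 100
 name USERS-PRIMARY
 private-vlan primary
 private-vlan association 101
!
vlan 101
 name USERS-ISOLATED
 private-vlan isolated
!
! Host ports: members of the isolated secondary VLAN. They can only
! reach promiscuous ports, never each other.
interface range GigabitEthernet1/0/1 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
 spanning-tree portfast
!
! Promiscuous port: the default gateway / server side. It sees the
! primary VLAN and is mapped to every secondary VLAN it must serve.
interface GigabitEthernet1/0/25
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! --- Checks ---
! show interfaces GigabitEthernet1/0/1 switchport   -> "Protected: true"
! show vlan private-vlan                              -> 100 / 101 isolated
```

Two caveats a practitioner should verify after applying either form. `switchport protected` is local to one switch: two protected ports on different switches joined by a plain trunk still reach each other, which is the reason the private VLAN form exists (the isolated VLAN is tagged across the trunk). And in both forms the hosts remain in the same IP subnet, so the gateway can reintroduce host-to-host traffic if it is configured to proxy-ARP for addresses on its own interface (`ip local-proxy-arp` on IOS); leave that off, or put an ACL on the gateway interface, if the isolation is meant to be a security boundary rather than a convenience.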
