Can anybody explain to me the difference between an isolated port (think Private VLAN) and a protected port (switchport protected)? I'm struggling to find resources that adequately explain it!
They are very similar.
A protected port does not communicate with other protected ports, but it communicates with other non-protected ports. In order for a protected port to communicate with another protected port, it has to go through a default gateway (Layer 3).
An isolated port can only communicate with promiscuous ports. It can't communicate with other isolated ports or community ports.
As I stated, both offer about the same feature, but the reason both are available is that not all hardware supports Private VLAN. If I recall correctly, Private VLAN was implemented starting with 3560 switches. 3550s do not support Private VLANs.
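
The two features described in the answer above, side by side, as an added Cisco IOS configuration example that is not part of the original thread. The VLAN IDs and interface names are constructed placeholders, and the `vtp mode transparent` line assumes a platform that requires transparent mode for Private VLANs.

```cisco
! Constructed example: VLAN IDs and interface names are placeholders.
!
! --- Option 1: protected ports (switchport protected) ---
! Fa0/1 and Fa0/2 are both protected, so they cannot exchange
! traffic with each other at Layer 2.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport protected
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport protected
!
! Fa0/3 is not protected, so Fa0/1 and Fa0/2 can both reach it.
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 10
!
! --- Option 2: Private VLAN with isolated ports ---
! Assumption: this platform needs VTP transparent mode for Private VLANs.
vtp mode transparent
!
vlan 101
 private-vlan isolated
!
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Isolated host ports: each can reach only the promiscuous port,
! not the other isolated port and not any community port.
interface FastEthernet0/11
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface FastEthernet0/12
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Promiscuous port: reachable from the isolated ports above.
interface FastEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
```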