Can't see how what you want is possible, below in Blue was cut and pasted from the the SG500X built in help text.
Protected Port—Select to make this a protected port. (A protected port is also referred as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same VLAN.
Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
Port protection is not subject to VLAN membership. Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.
Are you just better off having a access list that allows traffic to destination port 80 of members of that subnet ?
With Proxy ARP and a couple of beers, anything is possible...
Ports trunk VLAN containing VM's on backup network, and I only want them to have access to/from backup server (not view each other). Easy enough: make sure the backup server (same VLAN) is using an unprotected port. Problem is those client ports also trunk a different VLAN for the VMKernels, which do need to talk to each other. (Protection is per physical port, not per VLAN per port.)
I'm trying to avoid re-IP'ing, but it's not that much of a problem. I wanted to see if there was a quicker way around it.
Sounds like you now understand PVE or protected ports..
One mistake I made in my original response was to say that IPv4 access list might achieve the same thing, Well it doesn't.
I think you realize from your discussion above, that PVE or protected ports secures a port at layer 2 .
So it segregates and secures a host from other hosts on other protected ports from protocols such as IP as well as other ethernet based protocols.
The application, as I originally saw it was for use in a MDU or hotel environment, whereby client PCs were segregated, almost like on a private VLAN from other PC connected on other protected ports. Hence the term Private Vlan Edge (PVE)
Configure the PNP Settings on a Switch
The installation of new networking devices or replacement of devices can be expensive, time-consuming, and error-prone when performed manually. Typically, new devices are first sent to...
SG350X, Sx550X: RSPAN Mirrored Packet Loss when Forwarding
February 12, 2017
SG350X: Running Cable Test Via The "Test Cable-Diagnostics Tdr" Command May Provide Unpredictable Results
May 23, 2017