Private VLAN group allows you to create groups of users within a VLAN that cannot communicate with members in different groups but only within the same group.
So, in this instance, they would share the same IP scheme (subnet), but the switch can allow or disallow them to communicate together, based on which group they are in.
From the sounds of it, you want regular VLANs, so then you need to have VLANs (DHCP etc.) configured at an end-point (i.e., Firewall, or on the M4100 DHCP), and then setup your VLANs.
Then, your firewall needs static routes, or, be VLAN aware, for routing.
Yes, two VLANs might work, but if they need to communicate something needs to be aware of it, and have an L3 interface for it.
Not sure if they have the option for that. Then, the option wouldn't be to bad, but if in case they need different subnets etc. a firewall/router or the switch with interfaces should do the trick.
Private VLAN group allows you to create groups of users within a VLAN that cannot communicate with members in different groups but only within the same group.
I think this is what I need. My subnet1 is 2 audio mixing consoles, plus wired and wireless remote controlers. I could have the ffirst 4 ports as group1 and the other 8 as group2.
This would be the same as using 2 separate switches?
yes, if you only have one subnet, and can't setup static routes/routing/vlans on your Firewall/router, then this could be a solution.
As @schumaku says, it's kind of the same as VLANs, and a more graceful solution would probably be using different subnet/VLANs, to differentiate between them with VLAN + IP scheme.
Your router/firewall, often should support static routes, and it's not to hard to configure once you have the routing to your switch configured correctly.
