I am investigating a private vlan solution to accomplish an end goal of host isolation. In the end I'd like to see my endpoints not able to communicate with each other for additional privacy/security.

While experimenting with this I ran into the "switchport protected" option on a per-port basis. It appears to work fine for most of my use cases, except that when another device on the same switch/vlan attempts to call the other over Cisco Jabber the audio is not heard on either side. I also cannot send screen shares or share my video over Jabber. While the use case may be minimal (two users trying to call each other on the same switch stack, which is likely the same floor of the building), I need to ensure that all current uses transfer over during the final change window.

My question is this: Does Cisco Jabber use the data vlan for all traffic, or is there a way to have it tag its traffic outbound as the voice vlan?

I'm investigating an alternative solution here to have the data vlan be an isolated pvlan and the voice vlan be a community pvlan, allowing inter-floor voice vlan traffic to establish as normal. This of course relies on the idea that Cisco Jabber uses the voice vlan, or there is some way to separate out those traffic flows to permit them.