Thanks for your reply!

Isn't it weird that i can configure primary and secondary community/isolated vlans without being able to assign a promiscuous port on the router?

Would have liked to at least isolate a few switchports on this ISR to only access the internet and not the other connected hosts on the switch. Any suggestions in this regard?

I check and indeed there is promiscuous port in Router (with ehter capability)
so 
do 
interface x/x
switchport <<- once without any other keyword 
switchport ..........

try this way

Thank you for your reply!
When doing this I get:

switchport
% incomplete command.

--------------------------------------

switchport ?  
  access         Set access mode characteristics of the interface
  autostate      Include or exclude this port from vlan link up calculation
  host             Set port host
  mode           Set trunking mode of the interface
  nonegotiate  Device will not engage in negotiation protocol on this interface
  port-security Security related command 
  priority          Set appliance 802.1p priority
  protected      Configure an interface to be a protected port
  trunk             Set trunking characteristics of the interface
  voice             Voice appliance attributes

--------------------------------------

switchport mode private-vlan promiscuous
                          ^
% Invalid input detected at '^' marker.

--------------------------------------

switchport mode ?
  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally

switchport mode access <<-  add this 
then check 
switchport ?

Highly appreciate your answer!

I did make the association without the word "add" so I tried again but unfortunately without any luck. The situation is still unchanged.

When I run:
show vlan private-vlan

The primary and secondary vlans are listed but under type it lists "non-operational".
As mentioned before I am not able to assign a promiscuous port yet.

@AlexW22 

Maybe you have some other commands there that affect the port mode. I have never tried to use a promiscuous port for Internet access. My promiscuous ports are very simple. I have servers connected to them.

give some time I need half day to be sure that this feature available or not in ISR

Ok thank you! I am patiently awaiting your reply

Thanks for the quick reply!
I tried switchport access vlan <primary>

Then when trying:
switchport mode ?

I still gett only the option for:
access | dynamic | trunk.

Were you able to find out if this feature is supported?

I think I simulate community private-vlan functionality with normal vlans. Is there another way I can isolate single ports that can not communicate to one another but only with a "promiscuous port" like in an isolated private-vlan? I could assign a unique vlan ID to a number of switchports but I don't think I can assign multiple vlans to a single port to function like the promiscuous port. Any thoughts given that this is a router?