Virtual Switch / Port Group

Hello, I am new to Zyxel Switches, but I cannot find an option to create virtual Switches (as in VMWare VSphere Port Groups) that keep groups of ports completely separated from each other (independent of VLAN).
I think it would be much clearer to the user which groups/sets of ports can NOT communicate with each other, if they could be assigned to port groups in such a way that clearly separates them from each other in the GUI and "physically" (using separate ARP and routing tables, etc.). Otherwise there is a chance of misconfiguration, when configuring a subset of physical ports for a specific, isolated use case from the rest, even when leaving the default VLAN active for all ports.

Sometimes would be is useful to have a set of ports completely isolated from the rest (e.g. for connecting IPMI / Management ports). Adding a separate physical Switch would be rather wasteful in terms of cost, rackspace and energy use.

Achieving this using VLANs seems more Error-prone (misconfiguration, leftover or temporary VLAN assignments from bypassing such a restriction, etc) and not very simple / user-friendly to set up (at least without a Port-centric VLAN config screen)

In addition there is the security risk of spoofing - especially when also making use dynamic features such as VLAN assignment by Protocol / MAC / VendorID / Subnet for the regular ports