TL-SG3428MP

JetStream 28-Port Gigabit L2 Managed Switch with 24-Port PoE+

  • 384 W PoE Budget: 24× 802.3at/af-compliant PoE+ ports with a total power supply of 384 W*.
  • Full Gigabit Ports: 24× gigabit PoE+ ports and 4× gigabit SFP Slots provide high-speed connections.
  • Integrated into Omada SDN: Zero-Touch Provisioning (ZTP)**, Centralized Cloud Management, and Intelligent Monitoring.
  • Centralized Management: Cloud access and Omada app for ultra convenience and easy management.
  • Static Routing: Helps route internal traffic for more efficient use of network resources.
  • Robust Security Strategies: IP-MAC-Port Binding, ACL, Port Security, DoS Defend, Storm control, DHCP Snooping, 802.1X, Radius Authentication, and more.
  • Optimize Voice and Video Applications: L2/L3/L4 QoS and IGMP snooping.
  • Standalone Management: Web, CLI (Console Port, Telnet, SSH), SNMP, RMON, and Dual Image bring powerful management capabilities.

Learn more about TP-Link PoE technology >

 

Learn more about Omada Cloud SDN>​

  • Introducing TP-Link PoE Switches

  • What is Omada Cloud SDN?

TP-Link | Omada Centralized Management

Convenient Gigabit Switch with 24-Port
PoE+ for a Complete Omada Network

JetStream 28-Port Gigabit L2 Managed Switch with 24-Port PoE+

TL-SG3428MP

  •  

    PoE+ Output

    24× Gigabit PoE+ Ports with Total 384 W Power Budget*

  •  

    Centralized Cloud Management

    SDN Solutions Integration for a Highly Efficient Network

  •  

    Robust Security Strategies

    LAN Area Investment Protection

  •  

    Advanced L2+ Features

    Static Routing, IGMP Snooping
    802.1 Q VLAN and More

Dedicated 24 PoE+ Ports (384 W Budget) for Numerous Applications

Features 24× 802.3af/at compliant PoE+ ports, the switch supports up to 384 W total PoE power budget.* Designed to use a single Ethernet cable for both data and power transmission, it offers flexible deployment for PoE-supported devices such as wireless access points, IP cameras, and IP phones, lowering infrastructure costs for small businesses.

24x Gigabit PoE+ Ports
Up to 30 W on Each Port
Total 384 W Power Budget

TL-SG3428MP

Router

Internet

IP Camera

IP Phone

Access Point

Software Defined Networking (SDN) with Cloud Access

Omada’s Software-Defined Networking (SDN) platform integrates network devices, including access points, switches, and gateways, providing 100% centralized cloud management. Omada creates a highly scalable network— all controlled from a single interface. Seamless wireless and wired connections are provided, ideal for use in hospitality, education, retail, offices, and more.

JetStream Switches Omada Routers Omada Access Points Wi-Fi 6 Celling
Mount
Wall
Plate
Outdoor Unified Management Interface Controllers Cloud Access Cloud

Secure Networking

Security features include IP-MAC-Port-VID Binding, Port Security, Storm Control, and DHCP Snooping to defend against a range of network threats. An integrated list of common DoS attacks is available, making it easier than ever to prevent them. In addition, the Access Control Lists (ACL, L2 to L4) feature restricts access to sensitive network resources by denying packets based on source and destination MAC address, IP address, TCP/UDP ports, or VLAN ID. Users’ network access can be controlled via 802.1X authentication, which works with a RADIUS/Tacacs+ server to grant access only when valid user credentials are provided.

Advanced QoS

Voice and video traffic can be prioritized based on IP address, MAC address, TCP port number, UDP port number, and more. With QoS (Quality of Service), voice and video services remain smooth, even when bandwidth is in short supply.

Abundant L2 and L2+ Features***

A complete lineup of L2 features is supported including 802.1Q VLAN, Port Mirroring, STP/RSTP/MSTP, Link Aggregation Control Protocol, and 802.3x Flow Control. Advanced IGMP Snooping ensures the switch intelligently forwards multicast streams to only the appropriate subscribers, cutting out unnecessary traffic, while IGMP throttling & filtering restrict each subscriber on a port level to prevent unauthorized multicast access. Static Routing is a simple way of segmenting the network and internally routs traffic through the switch for improved efficiency.

ISP Features

QinQ, L2PT, PPPoE ID Insertion, and IGMP authentication features are provided, developed with service providers in mind. 802.3ah OAM and Device Link Detection Protocol (DLDP) offer easy monitoring and troubleshooting of Ethernet links.

IPv6 Support

IPv6 functions such as Dual IPv4/IPv6 Stack, MLD Snooping, IPv6 ACL, DHCPv6 Snooping, IPv6 Interface, Path Maximum Transmission Unit (PMTU) Discovery and IPv6 Neighbor Discover guarantee your network is ready for the Next Generation Network (NGN) without upgrading your hardware.

Enterprise Level Management Features

Easy to manage via an intuitive web-based Graphical User Interface (GUI) or an industry-standard Command Line Interface (CLI). For both management methods, traffic is protected through SSL or SSH encryption. SNMP (v1/v2c/v3) and RMON support enables the switch to be polled for valuable status information and to send traps on abnormal events.

More >

Related Cases

  • Sim Lim Square

    Singapore’s largest IT and electronics shopping mall, Sim Lim Square, deploys TP-Link Auranet Indoor Wi-Fi solution

    Sim Lim Square

    Singapore’s largest IT and electronics shopping mall, Sim Lim Square, deploys TP-Link Auranet Indoor Wi-Fi solution

    “Our customer satisfaction levels have been greatly improved since we started offering free public Wi-Fi throughout the entire mall. For that alone, the solution TP-Link provided was the best choice.” —Sean Chia, Head of Advertising & Promotions, Sim Lim Square.
  • Shuraa Facilities Management LLC

    Shuraa Facilities Management LLC Chooses TP-link for Wireless Service Deployments

    Shuraa Facilities Management LLC

    Shuraa Facilities Management LLC Chooses TP-link for Wireless Service Deployments

    “The hotel has overcome some of its Wi-Fi internet connectivity for guests following the implementation of TP-Link’s solutions. In addition, it has been able to provide connectivity in more than 100 guest apartments without compromising of guest comfort and experience.”
  • Barranquilla Plaza Hotel

    TP-Link Helps Barranquilla Plaza Hotel Build a Reliable and Efficient Network

    Barranquilla Plaza Hotel

    TP-Link Helps Barranquilla Plaza Hotel Build a Reliable and Efficient Network

    “HBP management has expressed intense satisfaction with their newly implemented solution and 100% of the staff has reported improved internet service. TP-Link’s Omada Solution provided the reliable, high-performance wireless network that HBP and its guests demanded.”
HARDWARE FEATURES
Interface • 24× 10/100/1000Mbps RJ45 Ports
• 4× Gigabit SFP Slots
• 1× RJ45 Console Port
• 1× Micro-USB Console Port
Fan Quantity 2
Power Supply 100-240 V AC~50/60 Hz
PoE Ports (RJ45) • Standard: 802.3at/af compliant
• PoE+ Ports: 24 Ports, up to 30 W per port
• PoE Power Budget: 384 W*
Dimensions ( W x D x H ) 17.3 × 13.0 × 1.7 in (440 × 330 × 44 mm)
Mounting Rack Mountable
Max Power Consumption • V1: 463.8 W (110 V/60 Hz) (with 384 W PD connected); 31.0 W (110 V/60 Hz) (no PD connected)
• V2: 465.8 W (110 V/60 Hz) (with 384 W PD connected); 34.4 W (110 V/60 Hz) (no PD connected)
• V3: 442.1 W (220 V/50 Hz) (with 384 W PD connected)
• V4: 460.8 W (110 V/60 Hz) (with 384 W PD connected)
• V5: 456.4 W (110 V/60 Hz) (with 384 W PD connected)
Max Heat Dissipation • V1: 1582.49 BTU/h (110 V/60 Hz) (with 384 W PD connected); 105.78 BTU/h (110 V/60 Hz) (no PD connected)
• V2: 1589.31 BTU/hr (110 V/60 Hz) (with 384 W PD connected); 117.38 BTU/hr (110 V/60 Hz) (no PD connected)
• V3: 1508.67 BTU/hr (220 V/50 Hz) (with 384 W PD connected)
• V4: 1572.48 BTU/hr (110 V/60 Hz) (with 384 W PD connected)
• V5: 1557.47 BTU/hr (110 V/60 Hz) (with 384 W PD connected)
PERFORMANCE
Switching Capacity 56 Gbps
Packet Forwarding Rate 41.66 Mpps
MAC Address Table • V1: 8K
• V2 and above: 16K
Packet Buffer Memory 4.1 Mbit
Jumbo Frame 9 KB
SOFTWARE FEATURES
Quality of Service • 8 priority queues
• 802.1p CoS/DSCP priority
• Queue scheduling
- SP (Strict Priority)
- WRR (Weighted Round Robin)
- SP+WRR
• Bandwidth Control
- Port/Flow based Rating Limiting
• Smoother Performance
• Action for Flows
- Mirror (to supported interface)
- Redirect (to supported interface)
- Rate Limit
- QoS Remark
L3 Features • 16 IPv4/IPv6 Interfaces
• Static Routing
- 48 static routes
• Static ARP
• 316 ARP Entries
• Proxy ARP
• Gratuitous ARP
• DHCP Server
• DHCP Relay
• DHCP L2 Relay
L2 and L2+ Features • Link Aggregation
- Static link aggregation
- 802.3ad LACP
- Up to 8 aggregation groups and up to 8 ports per group
• Spanning Tree Protocol
- 802.1d STP
- 802.1w RSTP
- 802.1s MSTP
- STP Security: TC Protect, BPDU Filter, BPDU Protect, Root Protect, Loop Protect
• Loopback Detection
- Port-based
- VLAN based
• Flow Control
- 802.3x Flow Control
- HOL Blocking Prevention
• Mirroring
- Port Mirroring
- CPU Mirroring
- One-to-One
- Many-to-One
- Tx/Rx/Both
L2 Multicast • Supports 511 (IPv4, IPv6) IGMP groups
• IGMP Snooping
- IGMP v1/v2/v3 Snooping
- Fast Leave
- IGMP Snooping Querier
- IGMP Authentication
• IGMP Authentication
• MVR
• MLD Snooping
- MLD v1/v2 Snooping
- Fast Leave
- MLD Snooping Querier
- Static Group Config
- Limited IP Multicast
• Multicast Filtering: 256 profiles and 16 entries per profile
Advanced Features • Automatic Device Discovery
• Batch Configuration
• Batch Firmware Upgrading
• Intelligent Network Monitoring
• Abnormal Event Warnings
• Unified Configuration
• Reboot Schedule
VLAN • VLAN Group
- Max 4K VLAN Groups
• 802.1q Tagged VLAN
• MAC VLAN: 12 Entries
• Protocol VLAN: Protocol Template 16, Protocol VLAN 16
• GVRP
• VLAN VPN (QinQ)
- Port-Based QinQ
- Selective QinQ
• Voice VLAN
Access Control List • Time-based ACL
• MAC ACL
- Source MAC
- Destination MAC
- VLAN ID
- User Priority
- Ether Type
• IP ACL
-Source IP
- Destination IP
- Fragment
- IP Protocol
- TCP Flag
- TCP/UDP Port
- DSCP/IP TOS
- User Priority
• Combined ACL
• Packet Content ACL
• IPv6 ACL
• Policy
- Mirroring
- Redirect
- Rate Limit
- QoS Remark
• ACL apply to Port/VLAN
Security • IP-MAC-Port Binding
- DHCP Snooping
- ARP Inspection
- IPv4 Source Guard
• IPv6-MAC-Port Binding
- DHCPv6 Snooping
- ND Detection
- IPv6 Source Guard
• DoS Defend
• Static/Dynamic Port Security
- Up to 64 MAC addresses per port
• Broadcast/Multicast/Unicast Storm Control
- kbps/ratio/pps control mode
• IP/Port/MAC based access control
• 802.1X
- Port based authentication
- Mac based authentication
- VLAN Assignment
- MAB
- Guest VLAN
- Support Radius authentication and accountability
• AAA (including TACACS+)
• Port Isolation
• Secure web management through HTTPS with SSLv3/TLS 1.2
• Secure Command Line Interface (CLI) management with SSHv1/SSHv2
IPv6 • IPv6 Dual IPv4/IPv6
• Multicast Listener Discovery (MLD) Snooping
• IPv6 ACL
• IPv6 Interface
• Static IPv6 Routing
• IPv6 neighbor discovery (ND)
• Path maximum transmission unit (MTU) discovery
• Internet Control Message Protocol (ICMP) version 6
• TCPv6/UDPv6
• IPv6 applications
- DHCPv6 Client
- Ping6
- Tracert6
- Telnet (v6)
- IPv6 SNMP
- IPv6 SSH
- IPv6 SSL
- Http/Https
- IPv6 TFTP
MIBs • MIB II (RFC1213)
• Bridge MIB (RFC1493)
• P/Q-Bridge MIB (RFC2674)
• Radius Accounting Client MIB (RFC2620)
• Radius Authentication Client MIB (RFC2618)
• Remote Ping, Traceroute MIB (RFC2925)
• Support TP-Link private MIBs
• RMON MIB(RFC1757, rmon 1,2,3,9)
MANAGEMENT
Omada App Yes, through
• Omada Cloud-Based Controller (Not Supported by TL-SG3428MP v3)
• OC300
• OC200
• Omada Software Controller
Centralized Management • Omada Cloud-Based Controller (Not Supported by TL-SG3428MP v3)
• Omada Hardware Controller (OC300)
• Omada Hardware Controller (OC200)
• Omada Software Controller
Cloud Access Yes, through
• Omada Cloud-Based Controller (Not Supported by TL-SG3428MP v3)
• OC300
• OC200
• Omada Software Controller
Zero-Touch Provisioning Yes. Requiring the use of Omada Cloud-Based Controller (Supported byTL-SG3428MP v1, v2, v4 and above, while is not supported by TL-SG3428MP v3)
Management Features • Web-based GUI
• Command Line Interface (CLI) through console port, telnet
• SNMPv1/v2c/v3
- Trap/Inform
- RMON (1, 2, 3, 9 groups)
• SDM Template
• DHCP/BOOTP Client
• 802.1ab LLDP/LLDP-MED
• DHCP AutoInstall
• Dual Image, Dual Configuration
• CPU Monitoring
• Cable Diagnostics
• EEE
• Password Recovery
• SNTP
• System Log
OTHERS
Certification CE, FCC, RoHS
Package Contents • TL-SG3428MP Switch
• Power Cord
• Quick Installation Guide
• Rackmount Kit
• Rubber Feet
System Requirements Microsoft® Windows® 98SE, NT, 2000, XP, Vista™ or Windows 7/8/10/11, MAC® OS, NetWare®, UNIX® or Linux.
Environment • Operating Temperature: 0–45 ℃ (32–113 ℉);
• Storage Temperature: -40–70 ℃ (-40–158 ℉)
• Operating Humidity: 10–90% RH non-condensing
• Storage Humidity: 5–90% RH non-condensing

*PoE budget calculations are based on laboratory testing. Actual PoE power budget is not guaranteed and will vary as a result of client limitations and environmental factors.

**Zero-Touch Provisioning requires the use of Omada Cloud-Based Controller.

***Some features are only supported by Standalone Management or Centralized Management, or may require further software upgrades, please visit the product page on www.tp-link.com for detailed information.