TL-SG3428XPP-M2
JetStream 24-Port 2.5GBASE-T and 4-Port 10GE SFP+ L2+ Managed Switch with 16-Port PoE+ & 8-Port PoE++
- 2.5G PoE++/PoE+ Ports for WiFi 7/6E/6: 24× 2.5 Gbps ports smash the 2.5G barrier and unlock the full potential of WiFi 7/6E/6 APs.
- 10G Lightning-Fast Uplink: 4× 10 Gbps SFP+ slots enable high-bandwidth connectivity and non-blocking switching capacity.
- 500 W PoE Budget: 8× 802.3bt/at/af/-compliant PoE++ and 16× 802.3at/af-compliant PoE+ ports with a total power supply of 500 W*.
- Integrated into Omada SDN: Zero-Touch Provisioning (ZTP)**, Centralized Cloud Management, and Intelligent Monitoring.
- Centralized Management: Cloud access and Omada app for ultra convenience and easy management.
- Static Routing: Helps route internal traffic for more efficient use of network resources.
- Robust Security Strategies: IP-MAC-Port Binding, ACL, Port Security, DoS Defend, Storm control, DHCP Snooping, 802.1X, Radius Authentication, and more.
- Optimize Voice and Video Applications: L2/L3/L4 QoS and IGMP snooping.
Learn more about TP-Link PoE technology >
 Centralized Management
 Centralized Management
Ultrafast 2.5G PoE++/PoE+ Managed Switch with 10G Uplink for Futuristic Network
TL-SG3428XPP-M2
- 
	2.5G PoE++/PoE+ Ports for WiFi 7/6E/624× 2.5 Gbps Ports Unlock the Full Potential of WiFi 7/6E/6 APs 
- 
	10G Lightning-Fast Uplink Connection4× 10 Gbps SFP+ Slots for High-Bandwidth Connectivity 
- 
	PoE++/PoE+ Output8 PoE++ and 16 PoE+ Ports with Total 500 W Power Budget* 
- 
	Centralized Cloud ManagementSDN Solutions Integration for a Highly Efficient Network 
IP Camera
2.5G WiFi 7/6E/6 AP
PoE Devices
2.5G NAS/Server
Workstation
Non-PoE Devices
Unlock the Full Potential of WiFi 7/6E/6
with Multi-Gigabit PoE++/PoE+ Ports
Featuring 8x PoE++ and 16x PoE+ 2.5G ports, the switch is capable of future network expansion and deployment, providing sufficient bandwidth for incoming WiFi 7/6E/6 APs. Designed to use a single Ethernet cable for both data and power transmission, it supports up to 500 W total PoE power budget* and flexible installation to fit in various application scenarios.
Enterprise Switch
with 10G Uplink
4× 10 Gbps SFP+ slots provide non-blocking switching
performance and ultra-low latency, so reliable and
lightning-fast connections to server and other switches are
easily built.
Software Defined Networking (SDN) with Cloud Access
Omada’s Software Defined Networking (SDN) platform integrates network devices, including access points, switches and gateways, providing 100% centralized cloud management. Omada creates a highly scalable network—all controlled from a single interface. Seamless wireless and wired connections are provided, ideal for use in hospitality, education, retail, offices, and more.
Wi-Fi 6
Celling Mount
Wall Plate
Outdoor
Unified Management Interface
Cloud
- 
	Hassle-Free Cloud or 
 On-Premises Controllers
- 
	Multi-Site Cloud 
 Management
- 
	Zero-Touch 
 Provisioning (ZTP)*
- 
	Intelligent 
 Monitoring
Advanced L3 Features**
An abundance of L2+ and L3 features are supported to help build a highly scalable and robust network, providing a reliable and efficient solution for enterprises, campuses and ISPs.
- 
	Secure NetworkingSecurity features include IP-MAC-Port-VID Binding, Port Security, Storm Control and DHCP Snooping to defend against a range of network threats. An integrated list of common DoS attacks is available, making it easier than ever to prevent them. In addition, the Access Control Lists (ACL, L2 to L4) feature restricts access to sensitive network resources by denying packets based on source and destination MAC address, IP address, TCP/UDP ports or VLAN ID. Users’ network access can be controlled via 802.1X authentication, which works with a RADIUS/Tacacs+ server to grant access only when valid user credentials are provided. 
- 
	Enterprise Level FeaturesA complete lineup of L2+ features are supported, including 802.1Q VLAN, Port Mirroring, STP/RSTP/MSTP, Link Aggregation Control Protocol, and 802.3x Flow Control. Advanced IGMP Snooping ensures the switch intelligently forwards multicast streams to only the appropriate subscribers, cutting out unnecessary traffic, while IGMP throttling & filtering restrict each subscriber on a port level to prevent unauthorized multicast access. Static Routing is a simple way of segmenting the network and internally routs traffic through the switch for improved efficiency. 
- 
	Advanced QoSVoice and video traffic can be prioritized based on IP address, MAC address, TCP port number, UDP port number, and more. With QoS (Quality of Service), voice and video services remain smooth, even when bandwidth is in short supply. 
- 
	ISP Features**QinQ, L2PT PPPoE ID Insertion and IGMP authentication features are provided, developed with service providers in mind. 802.3ah OAM and Device Link Detection Protocol (DLDP) offer easy monitoring and troubleshooting of Ethernet links. 
- 
	IPv6 SupportIPv6 functions such as Dual IPv4/IPv6 Stack, MLD Snooping, IPv6 ACL, DHCPv6 Snooping, IPv6 Interface, Path Maximum Transmission Unit (PMTU) Discovery and IPv6 Neighbor Discover guarantee your network is ready for the Next Generation Network (NGN) without upgrading your hardware. 
| HARDWARE FEATURES | |
|---|---|
| Interface | • 24× 2.5 Gbps RJ45 Ports• 4× 10G SFP+ Slots• 1× RJ45 Console Port• 1× Micro-USB Console Port | 
| Fan Quantity | 3 | 
| Power Supply | 100-240 V AC~50/60 Hz | 
| PoE Ports (RJ45) | • Standard: 802.3bt/at/af compliant• PoE++ Ports(802.3bt PoE): 8 Ports, up to 60 W per port• PoE+ Ports(802.3at PoE): 16 Ports, up to 30 W per port• Power Budget: 500 W | 
| Dimensions ( W x D x H ) | 17.3 × 13.0 × 1.7 in (440 × 330 × 44 mm) | 
| Mounting | Rack Mountable | 
| Max Power Consumption | 629.1 W (110V/60Hz) | 
| Max Heat Dissipation | 2153.45 BTU/h (110 V/60 Hz) | 
| PERFORMANCE | |
|---|---|
| Switching Capacity | 200 Gbps | 
| Packet Forwarding Rate | 148.80 Mpps | 
| MAC Address Table | 32 K | 
| Packet Buffer Memory | 16 Mbit | 
| Jumbo Frame | 9 KB | 
| SOFTWARE FEATURES | |
|---|---|
| Quality of Service | • 8 priority queues• 802.1p CoS/DSCP priority• Queue scheduling - SP (Strict Priority) - WRR (Weighted Round Robin) - SP+WRR• Bandwidth Control - Port/Flow based Rating Limiting• Smoother Performance• Action for Flows - Mirror (to supported interface) - Redirect (to supported interface) - Rate Limit - QoS Remark | 
| L3 Features | • 32 IPv4/IPv6 Interfaces• Static Routing - 48 static routes• Static ARP - 128 Static Entries• Proxy ARP• Gratuitous ARP• DHCP Server • DHCP Relay - DHCP Interface Relay - DHCP VLAN Relay• DHCP L2 Relay | 
| L2 and L2+ Features | • Link Aggregation - static link aggregation - 802.3ad LACP - Up to 8 aggregation groups, containing 8 ports per group• Spanning Tree Protocol - 802.1d STP - 802.1w RSTP - 802.1s MSTP - STP Security: TC Protect, BPDU Filter, Root Protect• Loopback Detection - Port based - VLAN based• Flow Control - 802.3x Flow Control - HOL Blocking Prevention• Mirroring - Port Mirroring - CPU Mirroring - One-to-One - Many-to-One - Tx/Rx/Both | 
| L2 Multicast | • IGMP Snooping - IGMP v1/v2/v3 Snooping - Fast Leave - IGMP Snooping Querier - IGMP Authentication• IGMP Authentication• MLD Snooping - MLD v1/v2 Snooping - Fast Leave - MLD Snooping Querier - Static Group Config - Limited IP Multicast• MVR• Multicast Filtering: 256 profiles and 16 entries per profile | 
| Advanced Features | • Automatic Device Discovery• Batch Configuration• Batch Firmware Upgrading• Intelligent Network Monitoring• Abnormal Event Warnings• Unified Configuration• Reboot Schedule | 
| VLAN | • VLAN Group - Max 4K VLAN Groups• 802.1Q Tagged VLAN• MAC VLAN: 256 Entries• Protocol VLAN: Protocol Template 16, Protocol VLAN 16• GVRP• VLAN VPN (QinQ) - Port-Based QinQ - Selective QinQ• Voice VLAN | 
| Access Control List | • Time-based ACL• MAC ACL - Source MAC - Destination MAC - VLAN ID - User Priority - Ether Type• IP ACL -Source IP - Destination IP - Fragment - IP Protocol - TCP Flag - TCP/UDP Port - DSCP/IP TOS - User Priority• Combined ACL• Packet Content ACL• IPv6 ACL• Policy - Mirroring - Redirect - Rate Limit - QoS Remark• ACL apply to Port/VLAN | 
| Security | • IP-MAC-Port Binding - 512 Entries - DHCP Snooping - ARP Inspection - IPv4 Source Guard: 100 Entries• IPv6-MAC-Port Binding - 512 Entries - DHCPv6 Snooping - ND Detection - IPv6 Source Guard: 100 Entries• DoS Defend• Static/Dynamic Port Security - Up to 64 MAC addresses per port• Broadcast/Multicast/Unicast Storm Control - kbps/ratio control mode• 802.1X - Port base authentication - Mac base authentication - VLAN Assignment - MAB - Guest VLAN - Support Radius authentication andaccountability• AAA (including TACACS+)• Port Isolation• Secure web management through HTTPS with SSLv3/TLS 1.2• Secure Command Line Interface (CLI) management with SSHv1/SSHv2• IP/Port/MAC based access control | 
| IPv6 | • IPv6 Dual IPv4/IPv6• Multicast Listener Discovery (MLD) Snooping• IPv6 ACL• IPv6 Interface• Static IPv6 Routing• IPv6 neighbor discovery (ND)• Path maximum transmission unit (MTU) discovery• Internet Control Message Protocol (ICMP) version 6• TCPv6/UDPv6• IPv6 applications - DHCPv6 Client - Ping6 - Tracert6 - Telnet (v6) - IPv6 SNMP - IPv6 SSH - IPv6 SSL - Http/Https - IPv6 TFTP | 
| MIBs | • MIB II (RFC1213)• Interface MIB (RFC2233)• Ethernet Interface MIB (RFC1643)• Bridge MIB (RFC1493)• P/Q-Bridge MIB (RFC2674)• RMON MIB (RFC2819)• RMON2 MIB (RFC2021)• Radius Accounting Client MIB (RFC2620)• Radius Authentication Client MIB (RFC2618)• Remote Ping, Traceroute MIB (RFC2925)• Support TP-Link private MIB | 
| MANAGEMENT | |
|---|---|
| Omada App | Yes. Requiring the use of OC300, OC200, Omada Cloud-Based Controller, or Omada Software Controller. | 
| Centralized Management | • Omada Cloud-Based Controller• Omada Hardware Controller (OC300)• Omada Hardware Controller (OC200)• Omada Software Controller | 
| Cloud Access | Yes. Requiring the use of OC300, OC200, Omada Cloud-Based Controller, or Omada Software Controller. | 
| Zero-Touch Provisioning | Yes. Requiring the use of Omada Cloud-Based Controller. | 
| Management Features | • Web-based GUI• Command Line Interface (CLI) through the console port, telnet• SNMP v1/v2c/v3 - Trap/Inform - RMON (1,2,3,9 groups)• SDM Template• DHCP/BOOTP Client• 802.1ab LLDP/LLDP-MED• DHCP AutoInstall• Dual Image, Dual Configuration• CPU Monitoring• Cable Diagnostics• EEE• Password Recovery• SNTP• System Log | 
| OTHERS | |
|---|---|
| Certification | CE, FCC, RoHS | 
| Package Contents | • TL-SG3428XPP-M2 Switch• Power Cord• Quick Installation Guide• Rackmount Kit• Rubber Feet | 
| System Requirements | Microsoft® Windows® 98SE, NT, 2000, XP, Vista™ or Windows 7/8/10/11, MAC® OS, NetWare®, UNIX® or Linux. | 
| Environment | • Operating Temperature: 0–40 ℃ (32–104 ℉);• Storage Temperature: -40–70 ℃ (-40–158 ℉)• Operating Humidity: 10–90% RH non-condensing• Storage Humidity: 5–90% RH non-condensing | 
*PoE budget calculations are based on laboratory testing. Actual PoE power budget is not guaranteed and will vary as a result of client limitations and environmental factors. The maximum power output of every single PoE++ port is 60 W.
**Zero-Touch Provisioning requires the use of Omada Cloud-Based Controller. Please go to Omada Cloud-Based Controller Product List to find all the models supported by Omada Cloud-Based Controller.
***ISP features can only be configured in standalone mode.
Attention: It is recommended to use only one TL-SM5310-T module for the TL-SG3428XPP-M2.
_1.0-package_normal_20230512065827z.png) 
             
                
             
                
             
                
             
                
             
                
            _1.0-package_large_20230512065827i.png) 
            
           
            
           
            
           
            
           
            
          