Hello,
I have a question on VRRP security in RouterOS - I’m trying to find a way to mitigate a VRRP hijacking attack (when a rogue network device sends a VRRP multicast packet with maximum priority to hijack the master role).
Is it possible to keep VRRP multicast traffic (allocate a dedicated interface/VLAN just for VRRP multicast messages) and the virtual IP address on different interfaces?
In essence, my question boils down to “is it possible to put VRRP negotiation/keepalive traffic on a dedicated trusted VLAN/physical interface whilst setting the virtual router IP on an untrusted interface”?
Many thanks in advance for your kind response.