Is there a possibility on 2960 or 3560 to limit the number of BPDUs? For example to 100/s. Because when network loop occur the switch is bombarded with BPDUs and the switch has to process all of them by CPU.
Thanks a lot
To go back to your original question, you say that "when network loop occur the switch is bombarded with BPDUs". As far as I know, that does not happen. Even if the fake switch forwards the BPDUs, the Cisco switch does not. The BPDUs are strictly switchport to switchport (or more correctly bridgeport to bridgeport), and therefore cannot loop in the way you might think.
I find it much more likely that what is hitting your switch is looping broadcast frames. But you say that you have bpduguard, so that should have protected you. OK, you may get a storm for a couple of seconds, but the first BPDU that hits the access port should shut down that access port and cut the loop. So what is actually going on?
Well, I can think of two possible explanations. One is that bpduguard is not actually configured on the access port. The other is that bpdufilter is. If you want the protection that bpduguard gives you, you should never never enable bpdufilter. In fact, you should never configure bpdufilter except in very rare corner cases; enabling bpdufilter is just not safe networking.
I have just one small doubt, and perhaps a switching expert can help me out on this one. If you configure storm control, can the storm control drop BPDUs as well? IMHO it shouldn't, but can someone confirm that?
There is one other corner case to consider. On these ports where they connected the fake switch, did you have port security configured? That can lead to unexpected trouble too, like blackholing MAC addresses that have nothing to do with this switch.