You can create an access control list and apply it to the appropriate interface. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#wp3101028446
BPDUs are not propagated beyond the LAN on which they originate, i.e. switches do not flood BPDUs. Your scenario highlights the importance of always running STP, if only for insurance.See:http://standards.ieee.org/getieee802/download/802.1D-1998.pdf...
You can do outbound load balancing by placing a pair of routers (for redundancy) behind the internet-connected routers. Advertise default routes from each of the internet routers via your IGP and load balance across the two defaults. Inbound traffi...
