h3c
 
 1、启用
 connection-limit enable         /*开启连接数限制功能
 connection-limit default deny /*默认连接数限制为拒绝
 connection-limit default amount upper-limit 50 lower-limit 20 /*默认下连接数上限为50,下限为20
2、ACL配置
acl number 2007
 description bruce chan
 rule 0 deny source 172.17.16.42 0              /*不在限制范围内的地址
 rule 1 deny source 172.16.17.0 0.0.0.255
 rule 2 deny source 172.17.17.187 0
 rule 3 deny source 172.17.16.210 0      
 rule 4 deny source 172.17.17.91 0 logging
 rule 5 deny source 172.16.2.47 0
 rule 10 permit source 172.17.16.0 0.0.0.255  /*匹配172.17.16.0/24网段
 rule 20 permit source 172.17.117.0 0.0.0.255
 rule 30 permit source 172.17.218.0 0.0.0.255
 rule 40 permit source 172.17.131.0 0.0.0.255
 rule 50 permit source 172.17.151.0 0.0.0.255
 rule 60 permit source 172.17.181.0 0.0.0.255
 rule 70 permit source 172.17.123.0 0.0.0.255
 rule 71 permit source 172.17.220.0 0.0.0.255
 rule 72 permit source 172.17.122.0 0.0.0.255
 rule 73 permit source 172.16.0.0 0.0.255.255
3、根据匹配的ACL建策略
 connection-limit policy 0
 limit 0 acl 2007 per-source amount 110  80
4、运用策略
nat connect-limit-policy 0