While trying to setup a restricted command set for our NOC on a cisco 3850 I found that I couldnt match on GigabitEthernet 1/1/1. After some debuggin and a packet capture with the help of TAC it was discovered that CPPM wanted to see GigabitEthernet 1 1 1. No slashes. Hope this helps someone. In the pic i have the wildcard setup for Gi1/1/1-4
Cisco 3850 ios3.6.7
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network default local group radius
aaa authorization auth-proxy default group radius
CPPM 6.6.5.xxxx
Directions from brodiman
CPPM
In your enforcement profile
selected service = shell
privilege level = 15
In your commands tab
service type = shell
check enable to permit unmatched commands.
click add
command = show
argument = version
leave the rest default click save and test.