In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.
cisco ios 10.3\\(3.4\\)
cisco ios 10.3\\(4.2\\)
Vulmon