diff --git a/website/content/docs/configuration/acl.mdx b/website/content/docs/configuration/acl.mdx
index f64142bab..90e733ee0 100644
--- a/website/content/docs/configuration/acl.mdx
+++ b/website/content/docs/configuration/acl.mdx
@@ -25,7 +25,10 @@ acl {
 ## `acl` Parameters
 
 - `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other
-  ACL configuration options depend on this value.
+  ACL configuration options depend on this value. Note that the Nomad command
+  line client will send requests for client endpoints such as `alloc exec`
+  directly to Nomad clients whenever they are accessible. In this scenario, the
+  client will enforce ACLs, so both servers and clients should have ACLs enabled.
 
 - `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for
   cached ACL tokens. This does not affect servers, since they do not cache tokens.