06-07-2021 05:14 AM - edited 07-05-2021 01:24 PM
Hi board,
In AireOS, P2P blocking is supported only if the wireless clients are on the same WLC and in the same VLAN.
Are there the same restrictions for the 9800? Assume client1 and client2 are in the same SSID but are assigned to different VLANs. Is P2P blocking drop working?
06-07-2021 07:58 AM
I really don't want to spoil, but obviously P2P blocking only works if the clients are in the same VLAN.
At least this is what I tested. The question is: Is this a "normal" behavior or considered a bug? If I don't find any documentation about it, it could be both, right?
06-07-2021 09:27 AM
I believe this is normal behavior since it follows how AireOS implements P2P blocking. I too have tested this on both AireOS and IOS, and the only time I use this is when I have a single controller (not SSO and not N+1) where I may have APs on both controllers, and also when clients only get put on a single subnet. I just tested this just now since I'm using iPSK and placing endpoint devices on specific VLANs, and P2P doesn't block.
10-16-2023 11:50 PM
This is one of those classic features that is completely misunderstood. Also by me, for years, due to inadequate documentation and logic.
If we look into the client table of our controllers, there is all the information for blocking client peers in the same WLAN Profile:
- IP Addresses
- SSIDs and so on.
So from WLC perspective Peer Drop is a WLAN FEATURE. And this is the quote from Config Guide 17.12.1:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-12/config-guide/b_wl_17_12_cg/peer-to-peer-client-support.html?bookSearch=true
"Peer-to-peer client support can be applied to individual WLANs, with each client inheriting the peer-to-peer blocking setting of the WLAN to which it is associated. The peer-to-Peer Client Support feature provides a granular control over how traffic is directed. For example, you can choose to have traffic bridged locally within a device, dropped by a device, or forwarded to the upstream VLAN."
--> So this documented information is completely wrong. Scott mentioned it right. It is based on the VLAN, not the WLAN.
For example: If you have two SSIDs leading to the same VLAN and only Peer Drop is active on SSID 1, all clients are not able to communicate with one another in both SSIDs.
If you use one SSID with VLAN Grouping, and Peer Drop is active, only Clients in the same VLAN will be blocked. Clients in different VLANs can reach one another. So this is a Blocking Gambling because of Round Robin.
If one of the old hands falls away from the faith, don't worry about it. I felt the same way.
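Added example, not part of the original posts and not Cisco's implementation: a small Python model of the per-VLAN behaviour described in this thread, used to audit a client table for pairs that Peer Drop does not isolate and pairs it blocks unintentionally. The WLAN names, VLAN IDs and client names are constructed sample data.

```python
from itertools import combinations

# Constructed sample config (not from the thread): WLAN -> P2P action and mapped VLANs.
# "iot" uses a VLAN group, so its clients are spread over VLAN 30 and 31.
WLANS = {
    "corp":  {"p2p": "drop",     "vlans": {10}},
    "guest": {"p2p": "disabled", "vlans": {10}},
    "iot":   {"p2p": "drop",     "vlans": {30, 31}},
}

# Constructed client table: (client name, WLAN, assigned VLAN).
CLIENTS = [
    ("corp-1", "corp", 10), ("corp-2", "corp", 10),
    ("guest-1", "guest", 10), ("guest-2", "guest", 10),
    ("iot-1", "iot", 30), ("iot-2", "iot", 31), ("iot-3", "iot", 30),
]

def drop_vlans(wlans):
    """VLANs reachable from at least one WLAN that has Peer Drop enabled."""
    return set().union(*(w["vlans"] for w in wlans.values() if w["p2p"] == "drop"))

def audit(clients, wlans):
    """Return (gaps, side_effects) under the per-VLAN behaviour reported in the thread.

    gaps: pairs on the same Peer Drop WLAN that can still reach each other
          because they were assigned different VLANs.
    side_effects: pairs blocked although neither client's WLAN has Peer Drop,
          because another WLAN with Peer Drop shares their VLAN.
    """
    blocked_vlans = drop_vlans(wlans)
    gaps, side_effects = [], []
    for (c1, w1, v1), (c2, w2, v2) in combinations(clients, 2):
        blocked = v1 == v2 and v1 in blocked_vlans
        if w1 == w2 and wlans[w1]["p2p"] == "drop" and not blocked:
            gaps.append((c1, c2))
        elif blocked and wlans[w1]["p2p"] != "drop" and wlans[w2]["p2p"] != "drop":
            side_effects.append((c1, c2))
    return gaps, side_effects

if __name__ == "__main__":
    gaps, side_effects = audit(CLIENTS, WLANS)
    print("Not isolated despite Peer Drop:", gaps)
    print("Blocked without Peer Drop on their WLAN:", side_effects)
```

Pairs reported as gaps need isolation enforced somewhere other than the WLAN setting, for example on the upstream device that routes between the VLANs.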