
DNA DISCOVERY AND IPDT FAILURE

After I run a discovery on my network, DNA Center randomly applies the IPDT policy to interfaces. It has never successfully applied the IPDT policy to all of the interfaces. It always ends up missing a few interfaces. Has anyone run into this problem before?

 

Thanks!


willwetherman
Spotlight

Hi,

 

I have noticed this behaviour as well. As far as I'm aware, DNAC only enables IPDT (IPDT_MAX_10) on what it determines are host ports and not on infrastructure ports, such as ports that connect to other switches and access points. It uses CDP info to determine this.

 

If you run 'show cdp neighbors' on your switch, can you see if the ports with IPDT missing are connected to other switches/access points as reported by CDP?

That is a good point. I will look into that.

 

I wonder if DNA sees multiple devices sharing one access port (VoIP + Desktop) and then determines that port an infrastructure port.

I've just checked two of my Cat9k switches and IPDT_MAX_10 has been configured on ports that are connected to Cisco IP phones (the Cisco IP Phones appear as CDP/LLDP neighbors). The only ports with IPDT missing are core uplink ports and ports connected to access points. I believe this is because the IPDT_MAX_10 profile is limited to a maximum of 10 addresses which could easily be exceeded on these ports. This behaviour is consistent on both switches.

 

I can't find any documentation that backs this up so this is my assumption based on the behaviour that I have observed. Let me know what you find as I would be interested to see if this behaviour matches on your switches as well.

 

I did more tests and it still seems completely random. Let's say I discover 5 9000 series switches. At least 3 of them will not have applied IPDT properly to the interfaces. Examples of interfaces that did not get the IPDT policy: one port only had a phone connected, one port had a phone and a PC connected and one port had nothing connected to it. Every port that had just a PC connected to it received the policy correctly. These are 9200 and 9300 series switches.

 

Side note - 2960s and 3560s will receive the IPDT policy but the maximum is set to 0 rather than 10.

 
 

Ok that's interesting.


I took the time to test the behaviour on a new switch that had 2 x APs and 2 x laptops connected, and IPDT was provisioned immediately once the switch was added to the DNAC inventory on all host/access ports except the AP ports (which are also configured as access ports). This is consistent with what I have observed previously.

 

I then deleted the new switch from DNAC, wiped and rebuilt it but disabled CDP globally. Once the switch was discovered and added to the inventory, IPDT was again enabled on all host/access ports but this time it was also enabled on the AP ports.


For completeness, I also tested the behaviour on the uplink port that connects to my core switch.

 

With CDP enabled

  • Uplink port configured as mode access - IPDT not enabled
  • Uplink port configured as mode trunk - IPDT not enabled
  • Uplink port configured as routed - IPDT not enabled

 

With CDP disabled

  • Uplink port configured as mode access - IPDT enabled
  • Uplink port configured as mode trunk - IPDT not enabled
  • Uplink port configured as routed - IPDT not enabled

 

So this proves that DNAC will only enable IPDT on access ports (never on trunk or routed ports), but also proves that DNAC will not enable IPDT on access ports that connect to APs and other switches using CDP data. 

 

Unfortunately I don't have an IP phone to test with so I'm not sure why you are seeing the behaviour that you described. Someone else from the community will need to comment on this or you may need to raise a case with Cisco TAC to find the answer.

Hope this helps
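
The rule reported in the tests above (IPDT on access ports only, and not on access ports whose CDP neighbor is an AP or switch) can be checked against a switch's own output. This is an added example, not part of any poster's reply and not Cisco code. Assumptions: the sample output is constructed, the policy shows up as `device-tracking attach-policy IPDT_MAX_10` under the interface, and CDP capability codes R, S, T or B mark an infrastructure neighbor.

```python
import re

# Constructed sample output (not from the thread).
RUNNING_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 device-tracking attach-policy IPDT_MAX_10
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""
CDP_NEIGHBORS = """\
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
AP-floor1        Gig 1/0/2         150              R T   AIR-AP280 Gig 0
SEP001122334455  Gig 1/0/3         140              H P M IP Phone  Port 1
core-sw1         Gig 1/0/24        170              R S I WS-C3850  Gig 1/0/1
"""
INFRA_CAPS = {"R", "S", "T", "B"}  # assumption: codes treated as infrastructure

def key(name):
    # 'GigabitEthernet1/0/2' and 'Gig 1/0/2' both become ('gig', '1/0/2')
    m = re.match(r"([A-Za-z]+)\s*([\d/]+)$", name.strip())
    return (m.group(1)[:3].lower(), m.group(2))

def infra_ports(cdp):
    row = re.compile(r"^\S+ +([A-Za-z]{3} [\d/]+) +\d+ +((?:[A-Za-z] )+)", re.M)
    return {key(m.group(1)) for m in row.finditer(cdp)
            if INFRA_CAPS & set(m.group(2).split())}

def audit(cfg, cdp):
    infra, findings = infra_ports(cdp), []
    for block in re.split(r"^!$", cfg, flags=re.M):
        m = re.search(r"^interface (\S+)", block, flags=re.M)
        if not m:
            continue
        access = re.search(r"^ switchport mode access", block, flags=re.M)
        has_ipdt = "device-tracking attach-policy IPDT_MAX_10" in block
        expected = bool(access) and key(m.group(1)) not in infra
        if expected != has_ipdt:
            findings.append((m.group(1), "missing" if expected else "unexpected"))
    return findings

print(audit(RUNNING_CONFIG, CDP_NEIGHBORS))
```

A port listed as "missing" here (the phone-only port in the sample) is one the observed rule does not explain, which is the kind of evidence worth attaching to a TAC case.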

 

Generally it should be applying IPDT to non-access ports as discussed above.  If it's applying IPDT "randomly" then there is something wrong and I would recommend a TAC case.

malrouba
Cisco Employee

"The purpose of IPDT is for the switch to obtain and maintain a list of devices that are connected to the switch via an IP address. The probe does not populate the tracking entry; it is simply used in order to maintain the entry in the table after it is learned through an ARP request/reply from the host."

https://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/118630-technote-ipdt-00.html#:~:text=The%20purpose%20of%20IPDT%20is,request%2Freply%20from%20the%20host.

 

As soon as a device is discovered in the fabric by DNAC, the IPDT telemetry config is pushed by DNAC to all the switches and it should be applied to all access ports "excluding the uplink", which caused high CPU in the switch / it has a limitation on connection of 10 devices.

 

On the new release DNAC 2.1.2.x, it will be optional to enable or disable IPDT telemetry, and it can be applied at global or site level in the network hierarchy inside DNAC > Network Setting.


 

Hope this helps