A requirement to support BYOD probably means it has a good featureset for RADIUS support and good ACL implementation, unless you want to implement ACLs per VLAN at the nearest layer 3 hop instead of at the edge. Some switches don't scale well when it comes to applying policies per user rather than per VLAN - have this issue with Avaya switches in our environment. In that scenario you would want to apply policies per VLAN most likely and maybe not do it at the edge but upstream.
Look for authenticating multiple hosts with multiple authenticated roles or VLANs per port. For example, you want to be able to support both an IP phone and a guest / BYOD user plugged into the back of the phone on a single port if possible, and filter traffic according to your ACLs or dynamic VLAN assignments appropriately for each user/device on that port.
I don't know how many vendors do this aside from Aruba, but having a switch built around user-roles is a big deal. Aruba mobility access switches offer this in addition to or in lieu of VLAN based access management. So instead of using dynamic VLAN assignment via RADIUS as the mechanism to separate guest / BYOD users from corporate users, you can have them coexist in the same VLAN but still assign different user roles and different ACLs. The benefit is that users won't experience an IP release and renew since they don't get shuttled over to a different VLAN after authentication, which can cause problem W/R/T user experience. I don't think these devices are truly quarantined from each other within that VLAN (there's a name for that but don't recall off the top of my head) where they can't talk to other devices within the same broadcast domain. Maybe there's a way to replicate that with an ACL as a bit of hack but I don't know.
Switches should support an initial role or VLAN for unauthenticated devices/users, a default role/VLAN for users that get authenticated but the role / VLAN isn't passed back as a RADIUS return value, and a fail-over role / VLAN when RADIUS goes down.
Should support QOS measures that can be assigned as a RADIUS return value.
Captive portal integration on the switch and/or proxying that to an external captive portal (a'la Clearpass Guest) would be a big deal.
Downloadable ACL support would be good (ACL is defined centrally in Clearpass, and is pushed to the switch as a return value and applied to the user dynamically).
Look at Aruba S2500 and S3500 as one of your options, btw, they're really built around supporting BYOD and integrate well with their wireless stuff and Clearpass. We're deploying about 300 of them at 13 campuses and will probably continue beyond that in the future.