kabrutus (United States of America) asked:
Need to make a large internet network

I need to create a few temporary internet networks. I can get a 100mb internet line with 1 public IP or a few public IPs. I will have anywhere from a few hundred to 3000 internet clients, wifi and hard wired. I'm not worried about wireless right now. I am wondering what type of hardware I would need to make this all work. Will I be able to NAT all of these to the public address, or is there another way to set this up? I heard that if I NAT all to the public IP, I would run out of ports?
Aaron Tomosky (United States of America):
Are any of them servers? Do you need to provide SSL websites? If not, then the number of IPs doesn't matter.
I'd suggest looking at meraki.com for gear that is super easy to set up and that will also run your wifi.
kabrutus (asker):
No servers for this event, only internet. Not sure what you mean by "provide SSL websites"? We are not hosting any webservers, but the network clients will need to access any website from their devices. I'm not worried about the wifi devices at the moment. I am looking for more backend hardware to make sure the network can handle the internet requests.
xanandu:
You will be able to run these all off a single public IP address, using NAT.
From my understanding you are creating a giant LAN to function as an ISP (a very large version of a home-style Linksys router/wifi network setup).
In order to do this, you will need the following:
1) DHCP server - hands out addresses to your clients
2) local DNS server - save yourself some bandwidth by resolving DNS names locally.
3) router(s)
4) switches

If you are looking for an all-in-one device, I suggest the Fortinet series of hardware. A 200B series FortiGate should provide all you need. It has the router, firewall, NAT, DHCP, and DNS all rolled into one box. It will also afford you the ability to expand easily into wireless by adding a FortiAP, and you can log/monitor/web-filter all of your internet traffic onto an external log management server / SIEM.

The 200B series will handle the bandwidth without great difficulty, even with 3000 users using NAT, but you will get better performance out of a slightly larger model (300C or 310/311B model) if you plan on using a lot of the UTM features (IPS, network antivirus, anti-spam, data leakage protection, web filter). Using a UTM device takes care of requirements 1, 2 and 3.

For requirement four, I've used HP ProCurve switches pretty effectively. Using managed switches gives you the ability to create redundant pathing, so you aren't dependent on a single network port anywhere (until you get to your internet connection). It also gives you the ability to separate out security zones using VLANs, right down to your users.

Depending on your layout, you would probably be better off creating a few subnets and then running all your subnets up from your distribution switch via VLAN into your main router, instead of just having a monster 3000+ client network. Not saying that the monster-net isn't doable, but you will save yourself a lot of headaches in the long run troubleshooting 12 smaller 254-client subnets as opposed to 1 giant 4094-client network.
The reason I mentioned Meraki is that their gear is super easy to set up for trade shows and things where people pay for access. Their gear runs quite a few convention centers. They don't do switches, though. All their AP and wired equipment have layer 3 capabilities and connect to a web config panel for easy setup.
Theoretically 64K clients can be NATed behind 1 public IP address.

How much traffic are you expecting from each of the 3K users?

Will you be utilizing a separate dedicated unit for firewall services?
I forgot to mention, using VLANs combined with some kind of access policy server gives you the ability to quarantine non-compliant users: users with viruses, botnets, out-of-date antivirus and operating systems. They can all be sent to the quarantine where they are permitted to go to the various anti-virus update sites, OS update sites, and THAT IS IT. Because you potentially have a few thousand people on a network at the same time, do you really trust them to keep their machines clean? I sure don't. On an open network like this, 1 person gets infected, they all get infected. Splitting your network into subnets and segregating them will save you from having huge Bredolab/Conficker botnets and a network requiring nothing short of an exorcist to save.
Thank you all for your input... I have a few questions.

If 64k clients can be NATed, I shouldn't have an issue with, say, 5,000 clients? I was told I would run out of ports or that my NATing box would die with the load...

Would I need 3 FortiGate boxes? I have been recommended the Nomadix AG 5600... would this work in place of the FortiGate box?

It depends on how many active connections each user is establishing. You have 65,535 ports available for NAT. If each user is using 10 ports then you can only support 65,535/10 or 6553 users. Be careful.... I would have a few public IPs in the NAT pool.

Vyatta might be a good choice for the router if you want to go software Linux based. I have had good luck with it. Switching can be handled by just about any switch providing it can handle the bandwidth.
Do these people need a LAN or is it just Internet access? If it's just Internet you can do a walled garden. No one can talk to anyone else, just the Internet.
Will your users be using any type of VPN Connection? If you attempt to use 1 NAT'ed address with clients that do not support NAT-T, then you are setting yourself up for a ton of complaints.

Nomadix is a great all in one box. I highly recommend it.
Dear, I think you need to consider the below:

Access:
LAN subnet: Class A, e.g. 10.0.0.1/8
DHCP lease time: 30 minutes
Internet line bandwidth: 100MB or above

Distribution:
AP (WDS+IAPP protocol): single SSID with WDS and IAPP
AP controller (recommended): to manage all APs

Core:
# of SPI connections supported: 1 million or above
Router total memory: 4 GB with at least 512MB flash
Router CPUs: multicore, at least 8 or above
H/A device: should support H/A


When you say:

"Core:
# of SPI connections supported: 1 million or above
Router total memory: 4 GB with at least 512MB flash
Router CPUs: multicore, at least 8 or above
H/A device: should support H/A"

What type of device are you talking about? Do you have something I can look up?
ASKER CERTIFIED SOLUTION by ArneLovius (United Kingdom of Great Britain and Northern Ireland): solution text is members-only and not included here.
Dear, I was referring to the SonicWall E10200:

http://www.sonicwall.com/us/products/SuperMassive_Series.html#tab=compare

I was doing some tests so it may take some time to finish. While testing I ran into many problems, which include:
Internet bandwidth
Switch backbone
Router memory
DHCP
VLANs

I don't have so many APs and wireless network cards, so I am trying with a LAN connection.

I would also agree with expert ArneLovius on "would suggest no more than 500 hosts per external IP address, so for 3k users you should have at least 6 external addresses in a NAT pool, more would be better".

I did one test in our lab using virtual hosts and came to know that a 100MB line is not sufficient for even 10xx hosts. Since you will have 3000 users, each user should have at least 128-256kb (in order to safely browse), so if you multiply 256*3000/1024=750MB, or 375MB with 128kb. I would suggest you should have at least 2-3 internet lines of 512MB each from the ISP with load balancing enabled.

I would also agree with experts xanandu and ArneLovius on the DNS server.
From the test I came to know you should have at least 2 DNS servers (1 primary and 1 secondary) for name resolution.

Apart from the above, you have to make sure your backbone (switch-to-switch connectivity) is on redundant fiber (10GB), all APs support a 1GB backbone connection, and a single AP is not connected to more than 108 clients.

I ran into a problem with DHCP and VLANs; you also need to consider how you will manage DHCP in VLANs (in case of VLANs you should have all switch locations, the management VLAN IP and 3-5 administrators ready at a centralized location). The event location can also play a key role: if the event will be in a multistory building you can set up VLANs based on floor, and it would be very easy to manage DHCP and other conflicts.
i ran into a problem of DHCP issue with VLANS, you also need to consider that how you will manage DHCP in VLANS (in case of vlan you should have all switches locations, mgmt vlan ip and 3-5 administrator ready on centerlized location. event location can also play key role if the event will be in multistory building you can setup vlan based on floor and would be very easy to manage DHCP and other conflicts .