It kind of depends on how much data you will be moving between these two external subnets. If you allow the HP to route directly between those subnets, you can have as many 1GB streams between them as you have ports configured for them. With "router-on-a-stick" (I've always called it vlan-on-a-stick, but same concept), you would be limited to just 1GB in total throughput between the vlans (leaving out the possibility of doing an lacp trunk between the SonicWALL and the HP).
In doing this method, the third vlan would be considered a "transit network", and would make it easier down the road as your network grows to implement a dynamic routing protocol, or to add more routers into the network, if the need ever arises.
The HP switch would be acting as your layer 3 core, and you would have an IP address in each of the 3 vlans. The SonicWALL would need only an access port to the transit network, and its own IP on that network.
From there, a default route statement in the HP pointing to the SonicWALL's transit net ip address, and two static routes in the SonicWALL (one for each of your 'external' subnets) pointing back at the HP's transit net IP.
The easy button is to simply run a vlan trunk to the SonicWALL, and put an address on each of the vlans you want to route for. I've done it this way in the past, and if you don't plan on heavy traffic, it's perfectly viable, and pretty easy to configure.
If you could post some of your route statements in your attempts at setting up the transit net, I'm sure someone could help you get that straightened out.
Which MAC address of this new switch will be used for the Bridge ID of
VLAN 15? Will that Bridge ID be used in the Root Bridge election for
VLAN 15?
According to Cisco:
MAC Addresses for Spanning Tree Computation
MAC addresses used for Spanning Tree calculations are stored in an
EEPROM present in the Supervisor module. Regardless of the types of
line modules installed, the Layer 2 MAC addresses for VLANs do not
change unless you replace the Supervisor module. If you do replace the
Supervisor module, the Layer 2 MAC addresses of all VLANs change to
those specified in the address allocator on the new Supervisor module.
In the fixed configuration Catalyst switches, MAC addresses for VLANs
cannot be changed.
Each switch with that VLAN in the layer-2 domain will think it is the root bridge for that VLAN, and it will send out BPDUs with its bridge ID saying that until it receives a better BPDU for that VLAN. That means it is used in the root bridge selection.
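The election behavior described in the answer above, as an added example that is not part of the original thread: a simplified Python model of root election for one VLAN, where every switch starts out claiming root and yields to any better bridge ID it hears. Switch names, MAC addresses and priorities are constructed; the bridge ID is modeled as priority then MAC, and port costs and timers are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class BridgeID:
    priority: int  # compared first, lower wins
    mac: int       # tie-breaker, lower wins

def bid(priority, mac):
    return BridgeID(priority, int(mac.replace(":", ""), 16))

def elect_root(bridges, links):
    """Return ({switch: root it ends up believing in}, rounds to converge)."""
    neighbours = {name: set() for name in bridges}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)
    belief = dict(bridges)  # every switch starts out claiming to be root
    rounds = 0
    while True:
        updated = dict(belief)
        for sw in bridges:
            for nb in neighbours[sw]:
                # A BPDU from nb carries the root nb currently believes in;
                # sw adopts it only if it beats what sw already has.
                if belief[nb] < updated[sw]:
                    updated[sw] = belief[nb]
        if updated == belief:
            break
        belief, rounds = updated, rounds + 1
    name_of = {b: n for n, b in bridges.items()}
    return {sw: name_of[b] for sw, b in belief.items()}, rounds

# Constructed VLAN 15 topology: core -- access -- new
LINKS = [("core", "access"), ("access", "new")]
# Core has a lowered priority, so the new switch's low MAC does not matter.
PINNED = {"core": bid(4096, "00:1a:00:00:00:01"),
          "access": bid(32768, "00:25:00:00:00:01"),
          "new": bid(32768, "00:0c:00:00:00:01")}
# Everything at the 802.1D default priority (32768): lowest MAC wins.
DEFAULTS = {name: BridgeID(32768, b.mac) for name, b in PINNED.items()}

if __name__ == "__main__":
    for label, bridges in (("pinned", PINNED), ("defaults", DEFAULTS)):
        roots, rounds = elect_root(bridges, LINKS)
        print(label, roots, "converged after", rounds, "rounds")
```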
Best Answer
Yes. You don’t even need a trunk. If all ports on both switches are access ports on Vlan 3, then the ports connecting the two switches are on Vlan 3 and both switches form one broadcast domain on that Vlan.
If switches are unmanaged then all ports would be on the one Vlan and the number is irrelevant.
A couple helpful details:
Access ports to end hosts or routers should have portfast enabled, but access ports interconnecting switches should not.
Two switches on one Vlan is common for redundancy, but in that case you want two connections between them. Ideally the two connections would be etherchanneled to optimize bandwidth and failover (as opposed to relying on spanning tree to avoid loops).
Under some circumstances (same VTP domain) Cisco switches automatically form 802.1q trunks when you connect them together.