Yes, the port that goes to the MX and the port that goes to the MG21 need to be in the same VLAN, most likely with nothing else on this VLAN. If you're using an MS as the PoE source, then you also need to make sure that you have given consideration to where your management IP address is coming from - is it from the MG21? Or, if the MS is also connected to the LAN side of the MX, is it from an internal network?
And finally, if you are using an MS and it is connected to both the WAN and LAN ports, then expect some impact on the accuracy of the reporting through the Dashboard, as it may well be double counting traffic.
Personal opinion: using a power injector for the MG21 is actually the best solution, but if you want to use a PoE switch, dedicate it to the WAN side of the MX (in which case why not just use a power injector?), and if you do use an MS connected to both the LAN and WAN, just be aware of the impact it may have on your reporting.
If you have an MX with built-in PoE ports (MX65 or 68), you can use one of those two ports to power the MG, then connect the other MG port to that MX's WAN/Internet port. You would want to configure the MX PoE port to prevent traffic flow over it. It's not ideal, but it will work.